VAR-201705-3789
Vulnerability from variot - Updated: 2023-12-18 11:37In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions extract_l3_ipv6, extract_l4_tcp, and extract_l4_udp that can be triggered remotely. Open vSwitch (OvS) Contains a buffer error vulnerability.Information is acquired, information is acquired, information is altered, and service operation is interrupted (DoS) There is a possibility of being put into a state. Open vSwitch is prone to the following multiple security vulnerabilities:
1. Multiple buffer-overflow vulnerabilities
2. A denial-of-service vulnerability
An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions. Open vSwitch (OvS) is a multi-layer virtual switch product based on open source technology (according to the Apache2.0 license). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The 'extract_l3_ipv6', 'extract_l4_tcp' and 'extract_l4_udp' functions of the lib/conntrack.c file in the firewall implementation process of OvS 2.6.1 version have security vulnerabilities. ==========================================================================
Ubuntu Security Notice USN-3450-1
October 11, 2017
openvswitch vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Open vSwitch.
Software Description: - openvswitch: Ethernet virtual switch
Details:
Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. (CVE-2017-9214)
It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. (CVE-2017-9263)
It was discovered that Open vSwitch incorrectly handled certain malformed packets. This issue only affected Ubuntu 17.04. (CVE-2017-9265)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: openvswitch-common 2.6.1-0ubuntu5.1
Ubuntu 16.04 LTS: openvswitch-common 2.5.2-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes. 1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces
- X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Aug 2017 12:39:24 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openvswitch security, bug fix, and enhancement update Advisory ID: RHSA-2017:2418-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2017:2418 Issue date: 2017-08-03 CVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265 =====================================================================
- Summary:
An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Channel to provide early releases to layered products - noarch, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). (BZ#1472854)
Security Fix(es):
-
An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9214)
-
In Open vSwitch (OvS), while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function
ofp_print_role_status_messageinlib/ofp-print.cthat may be leveraged toward a remote DoS attack by a malicious switch. A remote attack could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9264) -
A buffer over-read flaw was found in Open vSwitch (OvS) while parsing the group mod OpenFlow messages sent from the controller. An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Channel to provide early releases to layered products:
Source: openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm
noarch: openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm
x86_64: openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-9214 https://access.redhat.com/security/cve/CVE-2017-9263 https://access.redhat.com/security/cve/CVE-2017-9264 https://access.redhat.com/security/cve/CVE-2017-9265 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah V7og7GgSn4a1oFzQjIZHeXk= =qOi+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3789",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openvswitch",
"scope": "eq",
"trust": 1.6,
"vendor": "openvswitch",
"version": "2.6.1"
},
{
"model": "open vswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "open vswitch",
"version": "2.6.1"
},
{
"model": "rhev-m",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "11"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "10"
},
{
"model": "enterprise linux openstack platform for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.07"
},
{
"model": "enterprise linux openstack platform for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.07"
},
{
"model": "enterprise linux openstack platform for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.06"
},
{
"model": "vswitch open vswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "open",
"version": "2.7"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
}
],
"sources": [
{
"db": "BID",
"id": "102342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "102342"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9264",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117467",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9264",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9264",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1372",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117467",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. Open vSwitch (OvS) Contains a buffer error vulnerability.Information is acquired, information is acquired, information is altered, and service operation is interrupted (DoS) There is a possibility of being put into a state. Open vSwitch is prone to the following multiple security vulnerabilities:\n1. Multiple buffer-overflow vulnerabilities\n2. A denial-of-service vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions. Open vSwitch (OvS) is a multi-layer virtual switch product based on open source technology (according to the Apache2.0 license). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The \u0027extract_l3_ipv6\u0027, \u0027extract_l4_tcp\u0027 and \u0027extract_l4_udp\u0027 functions of the lib/conntrack.c file in the firewall implementation process of OvS 2.6.1 version have security vulnerabilities. ==========================================================================\nUbuntu Security Notice USN-3450-1\nOctober 11, 2017\n\nopenvswitch vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Open vSwitch. \n\nSoftware Description:\n- openvswitch: Ethernet virtual switch\n\nDetails:\n\nBhargava Shastry discovered that Open vSwitch incorrectly handled certain\nOFP messages. (CVE-2017-9214)\n\nIt was discovered that Open vSwitch incorrectly handled certain OpenFlow\nrole messages. (CVE-2017-9263)\n\nIt was discovered that Open vSwitch incorrectly handled certain malformed\npackets. This issue only\naffected Ubuntu 17.04. (CVE-2017-9265)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n openvswitch-common 2.6.1-0ubuntu5.1\n\nUbuntu 16.04 LTS:\n openvswitch-common 2.5.2-0ubuntu0.16.04.2\n\nIn general, a standard system update will make all the necessary changes. \n1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces\n\n6. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11\nX-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Aug 2017 12:39:24 +0000 (UTC)\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openvswitch security, bug fix, and enhancement update\nAdvisory ID: RHSA-2017:2418-01\nProduct: Fast Datapath\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2418\nIssue date: 2017-08-03\nCVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 \n CVE-2017-9265 \n=====================================================================\n\n1. Summary:\n\nAn update for openvswitch is now available for Fast Datapath for Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nChannel to provide early releases to layered products - noarch, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nThe following packages have been upgraded to a later upstream version:\nopenvswitch (2.7.2). (BZ#1472854)\n\nSecurity Fix(es):\n\n* An unsigned int wrap around leading to a buffer over-read was found when\nparsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An\nattacker could use this flaw to cause a remote DoS. (CVE-2017-9214)\n\n* In Open vSwitch (OvS), while parsing an OpenFlow role status message\nthere is a call to the abort() function for undefined role status reasons\nin the function `ofp_print_role_status_message` in `lib/ofp-print.c` that\nmay be leveraged toward a remote DoS attack by a malicious switch. A remote attack could use this flaw to cause a\nDenial of Service (DoS). (CVE-2017-9264)\n\n* A buffer over-read flaw was found in Open vSwitch (OvS) while parsing the\ngroup mod OpenFlow messages sent from the controller. An attacker could use\nthis flaw to cause a Denial of Service (DoS). (CVE-2017-9265)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nChannel to provide early releases to layered products:\n\nSource:\nopenvswitch-2.7.2-1.git20170719.el7fdp.src.rpm\n\nnoarch:\nopenvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm\npython-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm\n\nx86_64:\nopenvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-9214\nhttps://access.redhat.com/security/cve/CVE-2017-9263\nhttps://access.redhat.com/security/cve/CVE-2017-9264\nhttps://access.redhat.com/security/cve/CVE-2017-9265\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah\nV7og7GgSn4a1oFzQjIZHeXk=\n=qOi+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "BID",
"id": "102342"
},
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "PACKETSTORM",
"id": "144576"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "143646"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9264",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372",
"trust": 0.7
},
{
"db": "BID",
"id": "102342",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-117467",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144576",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143646",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "BID",
"id": "102342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "PACKETSTORM",
"id": "144576"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"id": "VAR-201705-3789",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117467"
}
],
"trust": 0.725
},
"last_update_date": "2023-12-18T11:37:29.597000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[ovs-dev] [PATCH] conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.",
"trust": 0.8,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-march/329323.html"
},
{
"title": "Open vSwitch Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70638"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2418"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2648"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2727"
},
{
"trust": 1.7,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-march/329323.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9264"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9264"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2017-9263"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2017-9264"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2017-9265"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9265"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9214"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9263"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457327"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457335"
},
{
"trust": 0.3,
"url": "http://www.ibm.com"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457329"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1026032"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9214"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3450-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "BID",
"id": "102342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "PACKETSTORM",
"id": "144576"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117467"
},
{
"db": "BID",
"id": "102342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"db": "PACKETSTORM",
"id": "144576"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-117467"
},
{
"date": "2017-05-26T00:00:00",
"db": "BID",
"id": "102342"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"date": "2017-10-12T13:40:31",
"db": "PACKETSTORM",
"id": "144576"
},
{
"date": "2017-09-14T19:51:05",
"db": "PACKETSTORM",
"id": "144137"
},
{
"date": "2017-09-06T17:18:00",
"db": "PACKETSTORM",
"id": "144026"
},
{
"date": "2017-08-04T05:19:21",
"db": "PACKETSTORM",
"id": "143646"
},
{
"date": "2017-05-29T04:29:00.400000",
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"date": "2017-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-117467"
},
{
"date": "2017-05-26T00:00:00",
"db": "BID",
"id": "102342"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004542"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9264"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144576"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open vSwitch Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004542"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1372"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.