var-201705-3873
Vulnerability from variot
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c. Open vSwitch (OvS) Contains an integer underflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Open vSwitch (OVS) is a multi-layer virtual switch product based on open source technology (following the Apache2.0 license). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. There is an integer overflow vulnerability in the 'ofputil_pull_queue_get_config_reply10' function of lib/ofp-util.c file in OvS 2.7.0 version.
1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces
- X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Aug 2017 12:39:24 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openvswitch security, bug fix, and enhancement update Advisory ID: RHSA-2017:2418-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2017:2418 Issue date: 2017-08-03 CVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265 =====================================================================
- Summary:
An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Channel to provide early releases to layered products - noarch, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9214)
-
In Open vSwitch (OvS), while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function
ofp_print_role_status_messageinlib/ofp-print.cthat may be leveraged toward a remote DoS attack by a malicious switch. (CVE-2017-9263) -
A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service (DoS). An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Channel to provide early releases to layered products:
Source: openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm
noarch: openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm
x86_64: openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-9214 https://access.redhat.com/security/cve/CVE-2017-9263 https://access.redhat.com/security/cve/CVE-2017-9264 https://access.redhat.com/security/cve/CVE-2017-9265 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah V7og7GgSn4a1oFzQjIZHeXk= =qOi+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3873",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "11"
},
{
"model": "openvswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.1"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.1"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "open vswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "open vswitch",
"version": "2.7.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9214",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117417",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9214",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9214",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117417",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. Open vSwitch (OvS) Contains an integer underflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Open vSwitch (OVS) is a multi-layer virtual switch product based on open source technology (following the Apache2.0 license). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. There is an integer overflow vulnerability in the \u0027ofputil_pull_queue_get_config_reply10\u0027 function of lib/ofp-util.c file in OvS 2.7.0 version. \n1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces\n\n6. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11\nX-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Aug 2017 12:39:24 +0000 (UTC)\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openvswitch security, bug fix, and enhancement update\nAdvisory ID: RHSA-2017:2418-01\nProduct: Fast Datapath\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2418\nIssue date: 2017-08-03\nCVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 \n CVE-2017-9265 \n=====================================================================\n\n1. Summary:\n\nAn update for openvswitch is now available for Fast Datapath for Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nChannel to provide early releases to layered products - noarch, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nThe following packages have been upgraded to a later upstream version:\nopenvswitch (2.7.2). An\nattacker could use this flaw to cause a remote DoS. (CVE-2017-9214)\n\n* In Open vSwitch (OvS), while parsing an OpenFlow role status message\nthere is a call to the abort() function for undefined role status reasons\nin the function `ofp_print_role_status_message` in `lib/ofp-print.c` that\nmay be leveraged toward a remote DoS attack by a malicious switch. \n(CVE-2017-9263)\n\n* A buffer over-read was found in the Open vSwitch (OvS) firewall\nimplementation. This flaw can be triggered by parsing a specially crafted\nTCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a\nDenial of Service (DoS). An attacker could use\nthis flaw to cause a Denial of Service (DoS). (CVE-2017-9265)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nChannel to provide early releases to layered products:\n\nSource:\nopenvswitch-2.7.2-1.git20170719.el7fdp.src.rpm\n\nnoarch:\nopenvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm\npython-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm\n\nx86_64:\nopenvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm\nopenvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-9214\nhttps://access.redhat.com/security/cve/CVE-2017-9263\nhttps://access.redhat.com/security/cve/CVE-2017-9264\nhttps://access.redhat.com/security/cve/CVE-2017-9265\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah\nV7og7GgSn4a1oFzQjIZHeXk=\n=qOi+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9214"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9214",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "144028",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143959",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144137",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144115",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144124",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144026",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143646",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144576",
"trust": 0.1
},
{
"db": "BID",
"id": "98625",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1093",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-117417",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"id": "VAR-201705-3873",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117417"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:17:09.711000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[ovs-dev] [PATCH] ofp-util: Fix buffer overrread in ofputil_pull_queue_get_config_reply10().",
"trust": 0.8,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-may/332711.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9214"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2418"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2553"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2648"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2665"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2692"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2698"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2727"
},
{
"trust": 1.1,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-may/332711.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9214"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9263"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2017-9265"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9265"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2017-9263"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2017-9214"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9264"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9264"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
},
{
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-117417"
},
{
"date": "2017-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"date": "2017-08-30T10:11:00",
"db": "PACKETSTORM",
"id": "143959"
},
{
"date": "2017-09-06T17:22:00",
"db": "PACKETSTORM",
"id": "144028"
},
{
"date": "2017-09-14T19:51:05",
"db": "PACKETSTORM",
"id": "144137"
},
{
"date": "2017-09-06T17:18:00",
"db": "PACKETSTORM",
"id": "144026"
},
{
"date": "2017-09-13T05:13:56",
"db": "PACKETSTORM",
"id": "144124"
},
{
"date": "2017-08-04T05:19:21",
"db": "PACKETSTORM",
"id": "143646"
},
{
"date": "2017-09-13T05:11:26",
"db": "PACKETSTORM",
"id": "144115"
},
{
"date": "2017-05-23T17:29:00.257000",
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-117417"
},
{
"date": "2017-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004434"
},
{
"date": "2021-08-04T17:15:17.903000",
"db": "NVD",
"id": "CVE-2017-9214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "143959"
},
{
"db": "PACKETSTORM",
"id": "144028"
},
{
"db": "PACKETSTORM",
"id": "144137"
},
{
"db": "PACKETSTORM",
"id": "144026"
},
{
"db": "PACKETSTORM",
"id": "144124"
},
{
"db": "PACKETSTORM",
"id": "143646"
},
{
"db": "PACKETSTORM",
"id": "144115"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open vSwitch Vulnerable to integer underflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004434"
}
],
"trust": 0.8
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.