var-201710-0983
Vulnerability from variot
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.". Open vSwitch (OvS) Contains a resource exhaustion vulnerability. Vendors are contesting this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-14970Service operation interruption (DoS) There is a possibility of being put into a state. OpenvSwitch (OvS) is a multi-layer virtual switch product based on open source technology (subject to Apache 2.0 license). It supports large-scale network automation, standard management interfaces and protocols through programming extensions. A security vulnerability exists in the lib/ofp-util.c file in versions prior to OvS 2.8.1. A remote attacker could exploit the vulnerability to cause a denial of service. through programming extensions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openvswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.0"
},
{
"model": "open vswitch",
"scope": "lt",
"trust": 0.8,
"vendor": "open vswitch",
"version": "2.8.1"
},
{
"model": "vswitch open vswitch",
"scope": "lt",
"trust": 0.6,
"vendor": "open",
"version": "2.8.1"
},
{
"model": "openvswitch",
"scope": "eq",
"trust": 0.6,
"vendor": "openvswitch",
"version": "2.8.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14970"
}
]
},
"cve": "CVE-2017-14970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14970",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-32356",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-105746",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14970",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14970",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-14970",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-32356",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-454",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-105746",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\". Open vSwitch (OvS) Contains a resource exhaustion vulnerability. Vendors are contesting this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-14970Service operation interruption (DoS) There is a possibility of being put into a state. OpenvSwitch (OvS) is a multi-layer virtual switch product based on open source technology (subject to Apache 2.0 license). It supports large-scale network automation, standard management interfaces and protocols through programming extensions. A security vulnerability exists in the lib/ofp-util.c file in versions prior to OvS 2.8.1. A remote attacker could exploit the vulnerability to cause a denial of service. through programming extensions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14970",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-32356",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105746",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"id": "VAR-201710-0983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
}
]
},
"last_update_date": "2023-12-18T13:02:52.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[ovs-dev] [PATCH v4 3/3] ofp-util: Fix memory leaks when parsing OF1.5 group properties.",
"trust": 0.8,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-september/339086.html"
},
{
"title": "[ovs-dev] [PATCH v4 2/3] ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod().",
"trust": 0.8,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-september/339085.html"
},
{
"title": "OpenvSwitch denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/104742"
},
{
"title": "Open vSwitch Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75533"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-september/339085.html"
},
{
"trust": 1.7,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-september/339086.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14970"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14970"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"db": "VULHUB",
"id": "VHN-105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"date": "2017-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-105746"
},
{
"date": "2017-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"date": "2017-10-02T01:29:00.517000",
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"date": "2017-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32356"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-105746"
},
{
"date": "2017-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008466"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-14970"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open vSwitch Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-454"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.