Skip to main content

Openvswitch

15 CVEs product

Monthly

CVE-2024-22563 HIGH This Week

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5366 MEDIUM PATCH This Month

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Openvswitch Openshift Container Platform Virtualization Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0669 MEDIUM PATCH This Month

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Data Plane Development Kit Openvswitch Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-36980 MEDIUM PATCH This Month

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Openvswitch
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-17206 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Openvswitch Openstack Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-17205 HIGH POC PATCH This Week

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvswitch Openstack Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-17204 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openvswitch Openstack Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.9%
CVE-2017-14970 MEDIUM PATCH This Month

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openvswitch
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-9265 CRITICAL PATCH Act Now

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-9264 CRITICAL PATCH Act Now

In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-9263 MEDIUM PATCH This Month

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message`. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Openvswitch
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-10377 HIGH PATCH This Week

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openvswitch
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9214 CRITICAL PATCH Act Now

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Openvswitch Debian Linux Openstack +2
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2016-2074 CRITICAL PATCH Act Now

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Openvswitch Openshift
NVD
CVSS 3.0
9.8
EPSS
7.5%
CVE-2012-3449 LOW Monitor

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openvswitch
NVD
CVSS 2.0
3.6
EPSS
0.0%
EPSS 1% CVSS 7.5
HIGH This Week

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvswitch
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Openvswitch Openshift Container Platform +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Data Plane Development Kit Openvswitch +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Openvswitch +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvswitch Openstack +1
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openvswitch Openstack +2
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openvswitch
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Openvswitch
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message`. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Openvswitch
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openvswitch
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Openvswitch +4
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Openvswitch +1
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openvswitch
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy