Openvswitch : Security Vulnerabilities, CVEs, (Overflow)
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-06-08
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
Max CVSS
9.8
EPSS Score
25.03%
Published
2016-07-03
Updated
2018-03-23
2 vulnerabilities found