Vulnerability Details : CVE-2017-9263
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-9263
- cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9263
- 0.26%: Probability of exploitation activity in the next 30 days
- ~ 65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P | 6.5 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-9263
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9263
- https://access.redhat.com/errata/RHSA-2017:2648
  RHSA-2017:2648 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2698
  RHSA-2017:2698 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2727
  RHSA-2017:2727 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2665
  RHSA-2017:2665 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2692
  RHSA-2017:2692 - Security Advisory - Red Hat Customer Portal
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
  [ovs-dev] [PATCH] ofp-print: Don't abort on unknown reason in role status message. (Mailing List; Patch; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:2553
  RHSA-2017:2553 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2418
  RHSA-2017:2418 - Security Advisory - Red Hat Customer Portal