Vulnerability Details : CVE-2017-9264
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Products affected by CVE-2017-9264
- cpe:2.3:a:openvswitch:openvswitch:2.6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9264
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9264
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-9264
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9264
-
https://access.redhat.com/errata/RHSA-2017:2648
RHSA-2017:2648 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2017:2727
RHSA-2017:2727 - Security Advisory - Red Hat Customer Portal
-
https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
[ovs-dev] [PATCH] conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.Mailing List;Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:2418
RHSA-2017:2418 - Security Advisory - Red Hat Customer Portal
Jump to