Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2017-14970

Published: 02/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Openvswitch

Vulnerability Summary

In lib/ofp-util.c in Open vSwitch (OvS) prior to 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openvswitch openvswitch

Vendor Advisories

Debian CVElist Bug Report Logs: openvswtich: CVE-2017-9214
Debian Bug report logs - #863228 openvswtich: CVE-2017-9214 Package: openvswitch; Maintainer for openvswitch is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 24 May 2017 05:51:01 UTC Severity: important Tags: patch, security, upstream Found in ...
Debian CVElist Bug Report Logs: openvswitch: CVE-2017-9264
Debian Bug report logs - #863661 openvswitch: CVE-2017-9264 Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 29 May 2017 20:15:54 UTC Severity: normal Tags: patch, security, upstream Foun ...
Debian CVElist Bug Report Logs: CVE-2017-14970
Debian Bug report logs - #877543 CVE-2017-14970 Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 2 Oct 2017 17:21:01 UTC Severity: important Tags: security, upstream Found in version openvswi ...
Debian CVElist Bug Report Logs: openvswitch: CVE-2017-9263
Debian Bug report logs - #863655 openvswitch: CVE-2017-9263 Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 29 May 2017 19:48:01 UTC Severity: normal Tags: patch, security, upstream Foun ...

References

CWE-772https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.htmlhttps://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863228
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook