CVE-2017-9214

Published: 23/05/2017 Updated: 04/08/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

Vulnerable Product

openvswitch openvswitch 2.7.0

debian debian linux 9.0

redhat openstack 6.0

redhat openstack 7.0

redhat openstack 8

redhat openstack 9

redhat openstack 10

redhat openstack 11

redhat virtualization 4.1

redhat virtualization manager 4.1

redhat virtualization 4.0

Vendor Advisories

Synopsis: Moderate: openvswitch security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Several security issues were fixed in Open vSwitch ...
Debian Bug report logs - #863228 openvswtich: CVE-2017-9214. Package: openvswitch; Maintainer for openvswitch is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 May 2017 05:51:01 UTC; Severity: important; Tags: patch, security, upstream; Found in ...
Debian Bug report logs - #863661 openvswitch: CVE-2017-9264. Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 May 2017 20:15:54 UTC; Severity: normal; Tags: patch, security, upstream; Foun ...
Debian Bug report logs - #877543 CVE-2017-14970. Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 2 Oct 2017 17:21:01 UTC; Severity: important; Tags: security, upstream; Found in version openvswi ...
Debian Bug report logs - #863655 openvswitch: CVE-2017-9263. Package: src:openvswitch; Maintainer for src:openvswitch is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 May 2017 19:48:01 UTC; Severity: normal; Tags: patch, security, upstream; Foun ...