Vulnerability CVE-2017-9265: Information

Description

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-9265
Published: May 29, 2017
Modified: Oct. 3, 2019
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openvswitchsisyphus2.7.1-alt13.3.0-alt1ALT-PU-2017-1874-1185385Fixed
openvswitchp102.7.1-alt12.17.9-alt1ALT-PU-2017-1874-1185385Fixed
openvswitchp92.7.1-alt12.14.2-alt0.p9ALT-PU-2017-1874-1185385Fixed
openvswitchp82.7.1-alt0.M80P.12.7.2-alt1.M80P.1ALT-PU-2017-1878-1185389Fixed
openvswitchc10f12.7.1-alt12.17.6-alt1ALT-PU-2017-1874-1185385Fixed
openvswitchc9f22.7.1-alt12.14.2-alt0.p9ALT-PU-2017-1874-1185385Fixed
openvswitchp112.7.1-alt13.3.0-alt1ALT-PU-2017-1874-1185385Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
  • Mailing List
  • Vendor Advisory
  • Patch
RHSA-2017:2727
    RHSA-2017:2698
      RHSA-2017:2692
        RHSA-2017:2665
          RHSA-2017:2648
            RHSA-2017:2553
              RHSA-2017:2418

                  1. Configuration 1

                    cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.3
                Back to top