Vulnerability CVE-2016-2074: Information

Description

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: July 4, 2016
Modified: March 23, 2018
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| openvswitch | sisyphus | 2.5.1-alt1 | 3.3.0-alt1 | ALT-PU-2016-2105-1 | 170962 | Fixed |
| openvswitch | p10 | 2.5.1-alt1 | 2.17.9-alt1 | ALT-PU-2016-2105-1 | 170962 | Fixed |
| openvswitch | p9 | 2.5.1-alt1 | 2.14.2-alt0.p9 | ALT-PU-2016-2105-1 | 170962 | Fixed |
| openvswitch | p8 | 2.5.2-alt1.M80P.1 | 2.7.2-alt1.M80P.1 | ALT-PU-2017-1535-1 | 182235 | Fixed |
| openvswitch | c10f1 | 2.5.1-alt1 | 2.17.6-alt1 | ALT-PU-2016-2105-1 | 170962 | Fixed |
| openvswitch | c9f2 | 2.5.1-alt1 | 2.14.2-alt0.p9 | ALT-PU-2016-2105-1 | 170962 | Fixed |

References to Advisories, Solutions, and Tools

Configuration 1

      cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*
      cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*
      cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*
      cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*
      cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*

Configuration 2

      cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*