Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-17204

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

Published

2018-09-19T16:29:00.897

Last Modified

2024-11-21T03:54:05.327

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-617

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openvswitch	openvswitch	≤ 2.7.6	Yes
Application	redhat	openstack	10	Yes
Application	redhat	openstack	13	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2018:3500 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0053 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0081 Third Party Advisory ([email protected])
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/3873-1/ Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:3500 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0053 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0081 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3873-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)