Wind River Support Network

HomeDefectsLIN8-8011
Fixed

LIN8-8011 : Security Advisory - openvswitch - CVE-2017-14970

Created: Oct 16, 2017    Updated: Dec 3, 2018
Resolved Date: Nov 23, 2017
Found In Version: 8.0.0.22
Fix Version: 8.0.0.24
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.

https://nvd.nist.gov/vuln/detail/CVE-2017-14970

Other Downloads


CVEs


Live chat
Online