5.9

CVE-2017-14970

EPSS 0.65%
Veröffentlicht 02.10.2017 01:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openvswitch ≫ Openvswitch Version <= 2.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html

Patch

Vendor Advisory

Mailing List

https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2017-14970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14970

EUVD