5.9

CVE-2017-14970

EPSS 0.65%
Published 02.10.2017 01:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Openvswitch ≫ Openvswitch Version <= 2.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.65%	0.684

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html

Patch

Vendor Advisory

Mailing List

https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2017-14970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14970

EUVD