9.8

CVE-2017-9264

In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenvswitchOpenvswitch Version2.6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.42% 0.82
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2017:2418
https://access.redhat.com/errata/RHSA-2017:2648
https://access.redhat.com/errata/RHSA-2017:2727
https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
Patch
Vendor Advisory
Mailing List