4.9
CVE-2018-17206
- EPSS 2.05%
- Veröffentlicht 19.09.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:54:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openvswitch ≫ Openvswitch Version >= 2.7.0 <= 2.7.6
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.05% | 0.787 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
https://access.redhat.com/errata/RHSA-2018:3500
https://access.redhat.com/errata/RHSA-2019:0053
https://access.redhat.com/errata/RHSA-2019:0081
https://usn.ubuntu.com/3873-1/
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8