7.5

CVE-2020-27827

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lldpd ProjectLldpd Version < 1.0.8
OpenvswitchOpenvswitch Version >= 2.6.0 < 2.6.9
OpenvswitchOpenvswitch Version >= 2.7.0 < 2.7.12
OpenvswitchOpenvswitch Version >= 2.8.0 < 2.8.10
OpenvswitchOpenvswitch Version >= 2.9.0 < 2.9.8
OpenvswitchOpenvswitch Version >= 2.10.0 < 2.10.6
OpenvswitchOpenvswitch Version >= 2.11.0 < 2.11.5
OpenvswitchOpenvswitch Version >= 2.12.0 < 2.12.2
OpenvswitchOpenvswitch Version >= 2.13.0 < 2.13.2
OpenvswitchOpenvswitch Version >= 2.14.0 < 2.14.1
RedhatOpenstack Version10
RedhatOpenstack Version13
RedhatVirtualization Version4.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version33
SiemensTim 1531 Irc Firmware Version < 2.2
   SiemensTim 1531 Irc Version-
SiemensSinumerik One Firmware Version < 2.0.1
   SiemensSinumerik One Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.24% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Patch
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
Third Party Advisory
US Government Resource
https://security.gentoo.org/glsa/202311-16
https://bugzilla.redhat.com/show_bug.cgi?id=1921438
Patch
Third Party Advisory
Issue Tracking
Mitigation
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
Vendor Advisory
Mailing List
Mitigation