7.5

CVE-2021-3905

Exploit
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenvswitchOpenvswitch Version < 2.17.0
CanonicalUbuntu Linux Version21.10
FedoraprojectFedora Version35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.58% 0.723
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://security.gentoo.org/glsa/202311-16
https://access.redhat.com/security/cve/CVE-2021-3905
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
Patch
Third Party Advisory
Issue Tracking
https://github.com/openvswitch/ovs-issues/issues/226
Patch
Third Party Advisory
Exploit
Issue Tracking
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
Patch
Third Party Advisory
https://ubuntu.com/security/CVE-2021-3905
Patch
Third Party Advisory