7.5
CVE-2021-3905
- EPSS 1.58%
- Veröffentlicht 23.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 06:22:44
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openvswitch ≫ Openvswitch Version < 2.17.0
Redhat ≫ Enterprise Linux Fast Datapath Version7.0
Redhat ≫ Enterprise Linux Fast Datapath Version8.0
Canonical ≫ Ubuntu Linux Version21.10
Fedoraproject ≫ Fedora Version35
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.58% | 0.723 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://security.gentoo.org/glsa/202311-16
https://access.redhat.com/security/cve/CVE-2021-3905
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
https://github.com/openvswitch/ovs-issues/issues/226
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
https://ubuntu.com/security/CVE-2021-3905