Vulnerability Details CVE-2016-10377
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
Products affected by CVE-2016-10377
-
cpe:2.3:a:openvswitch:openvswitch:2.5.0