Vulnerability Details CVE-2017-9265
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://access.redhat.com/errata/RHSA-2017:2418
- https://access.redhat.com/errata/RHSA-2017:2553
- https://access.redhat.com/errata/RHSA-2017:2648
- https://access.redhat.com/errata/RHSA-2017:2665
- https://access.redhat.com/errata/RHSA-2017:2692
- https://access.redhat.com/errata/RHSA-2017:2698
- https://access.redhat.com/errata/RHSA-2017:2727
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
- https://access.redhat.com/errata/RHSA-2017:2418
- https://access.redhat.com/errata/RHSA-2017:2553
- https://access.redhat.com/errata/RHSA-2017:2648
- https://access.redhat.com/errata/RHSA-2017:2665
- https://access.redhat.com/errata/RHSA-2017:2692
- https://access.redhat.com/errata/RHSA-2017:2698
- https://access.redhat.com/errata/RHSA-2017:2727
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
Products affected by CVE-2017-9265
-
cpe:2.3:a:openvswitch:openvswitch:2.7.0