Openvswitch: >> Openvswitch Security Vulnerabilities
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
CVSS Score
9.8
EPSS Score
0.086
Published
2016-07-03
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
CVSS Score
3.6
EPSS Score
0.0
Published
2012-08-07
Page 3