Vulnerability Description
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openvswitch | Openvswitch | <= 2.8.0 |
Related Weaknesses (CWE)
References
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.htmlMailing ListPatchVendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.htmlMailing ListPatchVendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.htmlMailing ListPatchVendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.htmlMailing ListPatchVendor Advisory
FAQ
What is CVE-2017-14970?
CVE-2017-14970 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stati...
How severe is CVE-2017-14970?
CVE-2017-14970 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14970?
Check the references section above for vendor advisories and patch information. Affected products include: Openvswitch Openvswitch.