Vulnerability Description
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lldpd Project | Lldpd | < 1.0.8 |
| Openvswitch | Openvswitch | >= 2.6.0, < 2.6.9 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Openstack | 10 |
| Redhat | Virtualization | 4.0 |
| Redhat | Enterprise Linux | 7.0 |
| Fedoraproject | Fedora | 33 |
| Siemens | Simatic Hmi Unified Comfort Panels Firmware | < 17 |
| Siemens | Simatic Hmi Unified Comfort Panels | - |
| Siemens | Simatic Net Cp 1243-1 Firmware | - |
| Siemens | Simatic Net Cp 1243-1 | - |
| Siemens | Simatic Net Cp 1243-8 Irc Firmware | - |
| Siemens | Simatic Net Cp 1243-8 Irc | - |
| Siemens | Simatic Net Cp 1542Sp-1 Firmware | - |
| Siemens | Simatic Net Cp 1542Sp-1 | - |
| Siemens | Simatic Net Cp 1542Sp-1 Irc Firmware | - |
| Siemens | Simatic Net Cp 1542Sp-1 Irc | - |
| Siemens | Simatic Net Cp 1543-1 Firmware | - |
| Siemens | Simatic Net Cp 1543-1 | - |
| Siemens | Simatic Net Cp 1543Sp-1 Firmware | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438Issue TrackingMitigationPatch
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.htmlMailing ListMitigationVendor Advisory
- https://security.gentoo.org/glsa/202311-16
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07Third Party AdvisoryUS Government Resource
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438Issue TrackingMitigationPatch
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.htmlMailing ListMitigationVendor Advisory
- https://security.gentoo.org/glsa/202311-16
FAQ
What is CVE-2020-27827?
CVE-2020-27827 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of ...
How severe is CVE-2020-27827?
CVE-2020-27827 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27827?
Check the references section above for vendor advisories and patch information. Affected products include: Lldpd Project Lldpd, Openvswitch Openvswitch, Redhat Openshift Container Platform, Redhat Openstack, Redhat Virtualization.