CVE-2017-14970
Summary
| CVE | CVE-2017-14970 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-02 01:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." |
Risk And Classification
Problem Types: CWE-772
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openvswitch | Openvswitch | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [ovs-dev] [PATCH v4 3/3] ofp-util: Fix memory leaks when parsing OF1.5 group properties. | CONFIRM | mail.openvswitch.org | Mailing List, Patch, Vendor Advisory |
| [ovs-dev] [PATCH v4 2/3] ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). | CONFIRM | mail.openvswitch.org | Mailing List, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |