Open vSwitch CVE-2018-17206 Remote Denial of Service Vulnerability
BID:106675
Info
| Bugtraq ID: | 106675 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2018-17206 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2018 12:00AM |
| Updated: | Sep 25 2018 12:00AM |
| Credit: | ClusterFuzz-External |
| Vulnerable: | Redhat Virtualization Manager 4.2; Redhat Virtualization for IBM Power LE 4; Redhat Virtualization 4; Redhat OpenStack Platform 9.0; Redhat OpenStack Platform 8.0; Redhat OpenStack Platform 13; Redhat OpenStack Platform 12; Redhat OpenStack Platform 10; Redhat OpenStack for IBM Power 13; Redhat OpenStack 9.0 Director for RHEL 7 0; Redhat OpenStack 8.0 Director for RHEL 7 0; Redhat Enterprise Linux Fast Datapath 7; Openvswitch Openvswitch 2.9.2; Openvswitch Openvswitch 2.9; Openvswitch Openvswitch 2.8.4; Openvswitch Openvswitch 2.8; Openvswitch Openvswitch 2.7.6; Openvswitch Openvswitch 2.7; Openvswitch Openvswitch 2.6.3; Openvswitch Openvswitch 2.6; Openvswitch Openvswitch 2.5.5; Openvswitch Openvswitch 2.5 |
| Not Vulnerable: | |
Discussion
Open vSwitch is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Open vSwitch 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
- ofp-actions: Avoid buffer overread in BUNDLE action decoding. (Open vSwitch)
- Open vSwitch Homepage (Open vSwitch)
- openvswitch/ofp_print_fuzzer: Heap-buffer-overflow in decode_bundle (Chromium)
- Bug 1632528 CVE-2018-17206 openvswitch: Buffer over-read in lib/ofp-actions.c (Redhat)
- CVE-2018-17206 (Redhat)
- RHSA-2018:3500 - Security Advisory (Redhat)
- RHSA-2019:0053 - Security Advisory (Redhat)
- RHSA-2019:0081 - Security Advisory (Redhat)