Known Vulnerabilities for products from Openvswitch
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Openvswitch".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-36980 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decod... | 5.5 - MEDIUM | 2021-07-20 | 2023-11-26 |
| CVE-2021-3905 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-08-23 | 2023-11-26 |
| CVE-2020-35498 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a maliciou... | 7.5 - HIGH | 2021-02-11 | 2023-11-26 |
| CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocat... | 7.5 - HIGH | 2021-03-18 | 2023-11-26 |
| CVE-2018-17206 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is aff... | 4.9 - MEDIUM | 2018-09-19 | 2021-08-04 |
| CVE-2018-17205 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. Duri... | 7.5 - HIGH | 2018-09-19 | 2021-08-04 |
| CVE-2018-17204 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp... | 4.3 - MEDIUM | 2018-09-19 | 2021-08-04 |
| CVE-2017-14970 | In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group ... | 5.9 - MEDIUM | 2017-10-02 | 2019-10-03 |
| CVE-2017-9265 | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controll... | 9.8 - CRITICAL | 2017-05-29 | 2019-10-03 |
| CVE-2017-9264 | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malf... | 9.8 - CRITICAL | 2017-05-29 | 2019-10-03 |
| CVE-2017-9263 | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undef... | 6.5 - MEDIUM | 2017-05-29 | 2018-01-05 |
| CVE-2017-9214 | In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read t... | 9.8 - CRITICAL | 2017-05-23 | 2021-08-04 |
| CVE-2016-10377 | In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an u... | 8.8 - HIGH | 2017-05-29 | 2017-06-08 |
| CVE-2016-2074 | Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remo... | 9.8 - CRITICAL | 2016-07-03 | 2018-03-23 |
| CVE-2012-3449 | Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/o... | 3.6 - LOW | 2012-08-07 | 2017-08-29 |
Known software with vulnerabilities from Openvswitch
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openvswitch | Openvswitch | 1.0.1 |