
Debian: DLA-2571-1 Moderate: Openvswitch Denial Of Service Attacks

debian lts
February 19, 2021
Openvswitch security patch DLA-2572-2 issued to mitigate several vulnerabilities impacting Debian platforms.

Summary

Several issues have been found in openvswitch, a production quality,
multilayer, software-based, Ethernet virtual switch.

CVE-2020-35498

Denial of service attacks, in which crafted network packets
could cause the packet lookup to ignore network header fields
from layers 3 and 4. The crafted network packet is an ordinary
IPv4 or IPv6 packet with Ethernet padding length above 255 bytes.
This causes the packet sanity check to abort parsing header
fields after layer 2.
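
A detection check for the CVE-2020-35498 condition described above, as an added example that is not part of the advisory or of Open vSwitch: it measures the bytes trailing the IP datagram in a captured frame and flags anything above 255. The function names and sample frames are constructed for illustration, and the capture is assumed to exclude the Ethernet FCS.

```python
import struct
from typing import Optional

VLAN_TAGS = (0x8100, 0x88A8)
PAD_LIMIT = 255  # padding length named in the advisory text


def l2_padding(frame: bytes) -> Optional[int]:
    """Bytes trailing the IP datagram; None if not parseable IPv4/IPv6."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    # Skip stacked VLAN tags (4 bytes each: TCI + inner ethertype).
    while ethertype in VLAN_TAGS:
        if len(frame) < off + 4:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    l3 = frame[off:]
    if ethertype == 0x0800 and len(l3) >= 20:
        (ip_len,) = struct.unpack_from("!H", l3, 2)  # IPv4 total length
    elif ethertype == 0x86DD and len(l3) >= 40:
        (plen,) = struct.unpack_from("!H", l3, 4)    # IPv6 payload length
        ip_len = 40 + plen
    else:
        return None
    pad = len(l3) - ip_len
    return pad if pad >= 0 else None  # negative: truncated capture


def is_suspicious(frame: bytes) -> bool:
    """True when trailing padding exceeds the 255-byte threshold."""
    pad = l2_padding(frame)
    return pad is not None and pad > PAD_LIMIT


def sample_ipv4_frame(padding: int, vlan: bool = False) -> bytes:
    """Constructed test frame: Ethernet + IPv4 (20) + UDP (8) + padding."""
    eth = bytes(12)  # zeroed destination and source MAC
    if vlan:
        eth += struct.pack("!HH", 0x8100, 10)
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 1024, 1024, 8, 0)
    return eth + ip + udp + bytes(padding)
```

Ordinary short frames carry up to 18 bytes of padding for this 28-byte datagram (the 46-byte minimum payload), so they stay far below the threshold.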

CVE-2020-27827

Denial of service attacks using crafted LLDP packets.

CVE-2018-17206

Buffer over-read issue during BUNDLE action decoding.

CVE-2018-17204

Assertion failure due to not validating information (group type
and command) in OF1.5 decoder.

CVE-2017-9214

Buffer over-read that is caused by an unsigned integer underflow.

CVE-2015-8011

Buffer overflow in the lldp_decode function in
daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote



Package: openvswitch
Version: 2.6.10-0+deb9u1
CVE ID: CVE-2015-8011 CVE-2017-9214 CVE-2018-17204 CVE-2018-17206
