CVE-2018-17204

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-17204
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17204.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-17204
Related
Published
2018-09-19T16:29:00Z
Modified
2024-10-12T03:16:49.713272Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVSNOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

References

Affected packages

Debian:11 / openvswitch

Package

Name
openvswitch
Purl
pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openvswitch

Package

Name
openvswitch
Purl
pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openvswitch

Package

Name
openvswitch
Purl
pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openvswitch/ovs

Affected ranges

Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.90.0
v0.90.1
v0.90.2
v0.90.3
v0.90.4
v0.90.6
v0.90.7
v0.99.0
v0.99.1
v0.99.2

v1.*

v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2

v2.*

v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6