CVE-2020-35498

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

References

Affected packages

Git / github.com/openvswitch/ovs

Affected ranges

Type

GIT

Repo

https://github.com/openvswitch/ovs

Events

Introduced

22d4614ddf83988a3771fb379ea029e663b4455a

Fixed

3fbe4e9e8ba20ab1c7e2fe3804cb4e1f64c63e2c

Introduced

7a0f907b2393626dac1387617355990eab69aef7

Fixed

8717cd3d9b2347da025aad32d306f6f8d52d777f

Introduced

c298ef781c2d35d939fe163cbc2f41ea7b1cb8d1

Fixed

db92fd7e5b4a469a63d7f9a411c094409d0c0895

Introduced

4fbe77d8deebd8e98953cd2c74051bb23a19af72

Fixed

cadf7794dd3f4442597c5095491f55d6ea3baed5

Introduced

bd916d13dbb845746983a6780da772154df647ba

Fixed

58b2a17bafb6a3048371627a0bb19172782b0aa0

Introduced

5563e309b80bbea9bff538e71ecfd7e5e538bab9

Fixed

11b4c6e17f894dac4fd98facf4be01cdfb531bfb

Introduced

997f2b583f49d1a52b41958b88acf4f23a49eba6

Fixed

5d07b5da2e7c8aa5c32b8c1279966e5e065c50e8

Introduced

6beb94976e2b3e0c51430b63214de14186d8db39

Fixed

db922b3e0995c5d01437fff617921495bbb41fbb

Introduced

71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3

Fixed

f25820bf556c6881a83207166508463d75c7f134

Introduced

29c7b4518fb5834e3f432f1c8864df8e95e1506c

Fixed

c35b8c02e564df00fdbc68472820b4a85f96c758

Database specific

{
    "versions": [
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.12"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.10"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.13"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.11"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.9"
        },
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.7"
        },
        {
            "introduced": "2.11.0"
        },
        {
            "fixed": "2.11.6"
        },
        {
            "introduced": "2.12.0"
        },
        {
            "fixed": "2.12.3"
        },
        {
            "introduced": "2.13.0"
        },
        {
            "fixed": "2.13.3"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "fixed": "2.14.2"
        }
    ]
}

Affected versions

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.12.0

v2.12.1

v2.12.2

v2.13.0

v2.13.1

v2.13.2

v2.14.0

v2.14.1

v2.5.0

v2.5.1

v2.5.10

v2.5.11

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.10

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35498.json"