OESA-2021-1179

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-35498)

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-27827)

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.(CVE-2015-8011)

Database specific

{
    "severity": "Critical"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / openvswitch

Package

Name: openvswitch
Purl: pkg:rpm/openEuler/openvswitch&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.0-11.oe1

Ecosystem specific

{
    "aarch64": [
        "openvswitch-help-2.12.0-11.oe1.aarch64.rpm",
        "openvswitch-devel-2.12.0-11.oe1.aarch64.rpm",
        "openvswitch-debuginfo-2.12.0-11.oe1.aarch64.rpm",
        "openvswitch-2.12.0-11.oe1.aarch64.rpm",
        "openvswitch-debugsource-2.12.0-11.oe1.aarch64.rpm"
    ],
    "src": [
        "openvswitch-2.12.0-11.oe1.src.rpm"
    ],
    "x86_64": [
        "openvswitch-devel-2.12.0-11.oe1.x86_64.rpm",
        "openvswitch-debuginfo-2.12.0-11.oe1.x86_64.rpm",
        "openvswitch-help-2.12.0-11.oe1.x86_64.rpm",
        "openvswitch-2.12.0-11.oe1.x86_64.rpm",
        "openvswitch-debugsource-2.12.0-11.oe1.x86_64.rpm"
    ]
}