CVE-2017-14970

{"id": "CVE-2017-14970", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-10-02T01:29:00.517", "references": [{"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""}, {"lang": "es", "value": "En lib/ofp-util.c en Open vSwitch (OvS) en versiones anteriores a 2.8.1, hay m\u00faltiples fugas de memoria al analizar sint\u00e1cticamente mensajes mod grupales OpenFlow malformados. NOTA: El proveedor discute la relevancia de este informe, diciendo que \"solo puede ser iniciado mediante un controlador OpenFlow, pero los controladores OpenFlow tienen formas mucho m\u00e1s directas y poderosas para forzar a Open vSwitch a asignar memoria, como insertando flujos en la tabla de flujo\"."}], "lastModified": "2024-11-21T03:13:52.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D9C4206-5C67-41FD-BEF0-80EFBF9A18D2", "versionEndIncluding": "2.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}