A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-3905 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2019692 | Issue Tracking Patch Third Party Advisory |
https://github.com/openvswitch/ovs-issues/issues/226 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 | Patch Third Party Advisory |
https://security.gentoo.org/glsa/202311-16 | |
https://ubuntu.com/security/CVE-2021-3905 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
26 Nov 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-08-23 16:15
Updated : 2024-02-28 19:29
NVD link : CVE-2021-3905
Mitre link : CVE-2021-3905
CVE.ORG link : CVE-2021-3905
JSON object : View
Products Affected
fedoraproject
- fedora
canonical
- ubuntu_linux
openvswitch
- openvswitch
redhat
- enterprise_linux_fast_datapath
CWE
CWE-401
Missing Release of Memory after Effective Lifetime