var-202102-0421
Vulnerability from variot
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. openvswitch Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state.
Bug Fix(es):
-
[RFE] Add auto load balance params (BZ#1920121)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.11 security update Advisory ID: RHSA-2021:1050-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:1050 Issue date: 2021-03-31 CVE Names: CVE-2020-27827 CVE-2020-35498 ==================================================================== 1. Summary:
An update for openvswitch2.11 is now available in Red Hat Virtualization.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
-
openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)
-
lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
- Package List:
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:
Source: openvswitch2.11-2.11.3-86.el7fdp.src.rpm ovn2.11-2.11.1-57.el7fdp.src.rpm
ppc64le: openvswitch2.11-2.11.3-86.el7fdp.ppc64le.rpm openvswitch2.11-debuginfo-2.11.3-86.el7fdp.ppc64le.rpm openvswitch2.11-devel-2.11.3-86.el7fdp.ppc64le.rpm ovn2.11-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-debuginfo-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-host-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-vtep-2.11.1-57.el7fdp.ppc64le.rpm python-openvswitch2.11-2.11.3-86.el7fdp.ppc64le.rpm
x86_64: openvswitch2.11-2.11.3-86.el7fdp.x86_64.rpm openvswitch2.11-debuginfo-2.11.3-86.el7fdp.x86_64.rpm openvswitch2.11-devel-2.11.3-86.el7fdp.x86_64.rpm ovn2.11-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-debuginfo-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-host-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-vtep-2.11.1-57.el7fdp.x86_64.rpm python-openvswitch2.11-2.11.3-86.el7fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/cve/CVE-2020-35498 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYGRyQ9zjgjWX9erEAQhrShAAoeVmG1YdiiU+KFMdloJYVujUHAfasBEU Lh4XW/2T4R+kLbrG+cNu6Whm5JrNMNHxcr7VCBzBxMH2BdmhbBc+UhxEVIAmq9Kd BvOQykUW++052BkY4Iqm7q9viXkZNR4SK9fN2PKwK2yPezslta+AMQfnRhNzHU2a zv2uMt+198ALo/NriH4E5MFX4L8J7gvI+w1M6WsTXET9PJ3okANav+3E6gtwgheq gC0B3z7pzBDlSCIGXAi4lZjjtOd+jrZaxie6ltuQ0GPvEBLZXr+w8g9Q9SFhoBLE nN2UuWzhAq66rFPCan5YHn41AUNtwvfu5MAWOwk3KDFXznS9exXsBBQjN25y4jcO xl8cFSkJRghyJE1V5N2F52I9rTtqCysOyyLhoMWuNcYn7oU+rcQ/WAonrheYtZqk t+iRwOf04o9Zt9ns9Q5iHG5aQwXq0rB+HAeGfb0+4izqUF43HWj2pyxtaPq2jQfa iph0VN0x2M4ENXpjtO8vctu8Q1SKk0exiIou2d1EI0Dt4INZs67ewJyi1XoZP8Uu xRUWSPDMaWHKYCXzBkVD6nJQNmLT2usb4rfc3SkqG1Wjr2ieiiQC6k1Z/wi+RKfW lRK6WqHZTaAf0mG3QIjqmXa1IbF9CcGzoCtpfitPiWL0l2aewVSiDjXRsCVBorkX O5fT6yRvUC8=XI93 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-16
https://security.gentoo.org/
Severity: Low Title: Open vSwitch: Multiple Vulnerabilities Date: November 26, 2023 Bugs: #765346, #769995, #803107, #887561 ID: 202311-16
Synopsis
Multiple denial of service vulnerabilites have been found in Open vSwitch.
Background
Open vSwitch is a production quality multilayer virtual switch.
Affected packages
Package Vulnerable Unaffected
net-misc/openvswitch < 2.17.6 >= 2.17.6
Description
Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Open vSwitch users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"
References
[ 1 ] CVE-2020-27827 https://nvd.nist.gov/vuln/detail/CVE-2020-27827 [ 2 ] CVE-2020-35498 https://nvd.nist.gov/vuln/detail/CVE-2020-35498 [ 3 ] CVE-2021-3905 https://nvd.nist.gov/vuln/detail/CVE-2021-3905 [ 4 ] CVE-2021-36980 https://nvd.nist.gov/vuln/detail/CVE-2021-36980 [ 5 ] CVE-2022-4337 https://nvd.nist.gov/vuln/detail/CVE-2022-4337 [ 6 ] CVE-2022-4338 https://nvd.nist.gov/vuln/detail/CVE-2022-4338 [ 7 ] CVE-2023-1668 https://nvd.nist.gov/vuln/detail/CVE-2023-1668
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.5.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.11"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.2"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.7"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.6"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.9"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.13"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.3"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.10"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.5.12"
},
{
"model": "open vswitch",
"scope": null,
"trust": 0.8,
"vendor": "open vswitch",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
}
],
"trust": 1.2
},
"cve": "CVE-2020-35498",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-35498",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-377694",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-35498",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-35498",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35498",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-35498",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1013",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-377694",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35498",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. openvswitch Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. \n\nBug Fix(es):\n\n* [RFE] Add auto load balance params (BZ#1920121)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openvswitch2.11 security update\nAdvisory ID: RHSA-2021:1050-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1050\nIssue date: 2021-03-31\nCVE Names: CVE-2020-27827 CVE-2020-35498\n====================================================================\n1. Summary:\n\nAn update for openvswitch2.11 is now available in Red Hat Virtualization. \n\nRed Hat Product Security has rated this update as having a security impact\nof\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nSecurity Fix(es):\n\n* openvswitch: limitation in the OVS packet parsing in userspace leads to\nDoS (CVE-2020-35498)\n\n* lldp/openvswitch: denial of service via externally triggered memory leak\n(CVE-2020-27827)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Package List:\n\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts:\n\nSource:\nopenvswitch2.11-2.11.3-86.el7fdp.src.rpm\novn2.11-2.11.1-57.el7fdp.src.rpm\n\nppc64le:\nopenvswitch2.11-2.11.3-86.el7fdp.ppc64le.rpm\nopenvswitch2.11-debuginfo-2.11.3-86.el7fdp.ppc64le.rpm\nopenvswitch2.11-devel-2.11.3-86.el7fdp.ppc64le.rpm\novn2.11-2.11.1-57.el7fdp.ppc64le.rpm\novn2.11-debuginfo-2.11.1-57.el7fdp.ppc64le.rpm\novn2.11-host-2.11.1-57.el7fdp.ppc64le.rpm\novn2.11-vtep-2.11.1-57.el7fdp.ppc64le.rpm\npython-openvswitch2.11-2.11.3-86.el7fdp.ppc64le.rpm\n\nx86_64:\nopenvswitch2.11-2.11.3-86.el7fdp.x86_64.rpm\nopenvswitch2.11-debuginfo-2.11.3-86.el7fdp.x86_64.rpm\nopenvswitch2.11-devel-2.11.3-86.el7fdp.x86_64.rpm\novn2.11-2.11.1-57.el7fdp.x86_64.rpm\novn2.11-debuginfo-2.11.1-57.el7fdp.x86_64.rpm\novn2.11-host-2.11.1-57.el7fdp.x86_64.rpm\novn2.11-vtep-2.11.1-57.el7fdp.x86_64.rpm\npython-openvswitch2.11-2.11.3-86.el7fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-27827\nhttps://access.redhat.com/security/cve/CVE-2020-35498\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYGRyQ9zjgjWX9erEAQhrShAAoeVmG1YdiiU+KFMdloJYVujUHAfasBEU\nLh4XW/2T4R+kLbrG+cNu6Whm5JrNMNHxcr7VCBzBxMH2BdmhbBc+UhxEVIAmq9Kd\nBvOQykUW++052BkY4Iqm7q9viXkZNR4SK9fN2PKwK2yPezslta+AMQfnRhNzHU2a\nzv2uMt+198ALo/NriH4E5MFX4L8J7gvI+w1M6WsTXET9PJ3okANav+3E6gtwgheq\ngC0B3z7pzBDlSCIGXAi4lZjjtOd+jrZaxie6ltuQ0GPvEBLZXr+w8g9Q9SFhoBLE\nnN2UuWzhAq66rFPCan5YHn41AUNtwvfu5MAWOwk3KDFXznS9exXsBBQjN25y4jcO\nxl8cFSkJRghyJE1V5N2F52I9rTtqCysOyyLhoMWuNcYn7oU+rcQ/WAonrheYtZqk\nt+iRwOf04o9Zt9ns9Q5iHG5aQwXq0rB+HAeGfb0+4izqUF43HWj2pyxtaPq2jQfa\niph0VN0x2M4ENXpjtO8vctu8Q1SKk0exiIou2d1EI0Dt4INZs67ewJyi1XoZP8Uu\nxRUWSPDMaWHKYCXzBkVD6nJQNmLT2usb4rfc3SkqG1Wjr2ieiiQC6k1Z/wi+RKfW\nlRK6WqHZTaAf0mG3QIjqmXa1IbF9CcGzoCtpfitPiWL0l2aewVSiDjXRsCVBorkX\nO5fT6yRvUC8=XI93\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202311-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Open vSwitch: Multiple Vulnerabilities\n Date: November 26, 2023\n Bugs: #765346, #769995, #803107, #887561\n ID: 202311-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple denial of service vulnerabilites have been found in Open\nvSwitch. \n\nBackground\n=========\nOpen vSwitch is a production quality multilayer virtual switch. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\nnet-misc/openvswitch \u003c 2.17.6 \u003e= 2.17.6\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Open vSwitch. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Open vSwitch users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openvswitch-2.17.6\"\n\nReferences\n=========\n[ 1 ] CVE-2020-27827\n https://nvd.nist.gov/vuln/detail/CVE-2020-27827\n[ 2 ] CVE-2020-35498\n https://nvd.nist.gov/vuln/detail/CVE-2020-35498\n[ 3 ] CVE-2021-3905\n https://nvd.nist.gov/vuln/detail/CVE-2021-3905\n[ 4 ] CVE-2021-36980\n https://nvd.nist.gov/vuln/detail/CVE-2021-36980\n[ 5 ] CVE-2022-4337\n https://nvd.nist.gov/vuln/detail/CVE-2022-4337\n[ 6 ] CVE-2022-4338\n https://nvd.nist.gov/vuln/detail/CVE-2022-4338\n[ 7 ] CVE-2023-1668\n https://nvd.nist.gov/vuln/detail/CVE-2023-1668\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202311-16\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "175917"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35498",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/02/10/4",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "162733",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161781",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162044",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161369",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162017",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1086",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1780",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0907",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052513",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163180",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161391",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161785",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161789",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377694",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35498",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175917",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"id": "VAR-202102-0421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377694"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:23:36.816000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Support\u00a0extra\u00a0padding\u00a0length.",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"title": "Openvswitch Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141425"
},
{
"title": "Red Hat: Moderate: openvswitch2.13 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210497 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: openvswitch: CVE-2020-35498",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a554431bcc9407eef1a141b6e575cb4e"
},
{
"title": "Debian Security Advisories: DSA-4852-1 openvswitch -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c9bcacbfe71a4f464b907181265aa5c1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-35498 log"
},
{
"title": "Citrix Security Bulletins: Citrix Hypervisor Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=8e2fb4ccf2485f0ebad63c7a058cb7a3"
},
{
"title": "cve-2020-35498-flag",
"trust": 0.1,
"url": "https://github.com/freddierice/cve-2020-35498-flag "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908845"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4852"
},
{
"trust": 1.8,
"url": "https://www.openwall.com/lists/oss-security/2021/02/10/4"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35498"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35498"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uj4dxfjwmz325eczxpzosk7boedjzhpr/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uj4dxfjwmz325eczxpzosk7boedjzhpr/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27827"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-27827"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162733/red-hat-security-advisory-2021-2077-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0639"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0907"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0558"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162017/red-hat-security-advisory-2021-0957-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161781/red-hat-security-advisory-2021-0834-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1780"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1086"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/open-vswitch-denial-of-service-via-ip-with-ethernet-padding-34548"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161369/ubuntu-security-notice-usn-4729-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162044/red-hat-security-advisory-2021-1050-01.html"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2021:0497"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://github.com/freddierice/cve-2020-35498-flag"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2077"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2456"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3905"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4337"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377694"
},
{
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377694"
},
{
"date": "2021-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"date": "2021-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"date": "2021-05-20T22:17:24",
"db": "PACKETSTORM",
"id": "162733"
},
{
"date": "2021-06-17T17:37:26",
"db": "PACKETSTORM",
"id": "163180"
},
{
"date": "2021-02-11T15:26:10",
"db": "PACKETSTORM",
"id": "161391"
},
{
"date": "2021-03-15T19:01:34",
"db": "PACKETSTORM",
"id": "161785"
},
{
"date": "2021-03-31T14:36:24",
"db": "PACKETSTORM",
"id": "162044"
},
{
"date": "2021-03-15T17:26:06",
"db": "PACKETSTORM",
"id": "161781"
},
{
"date": "2023-11-27T15:42:18",
"db": "PACKETSTORM",
"id": "175917"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"date": "2021-02-11T18:15:15.677000",
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-17T00:00:00",
"db": "VULHUB",
"id": "VHN-377694"
},
{
"date": "2021-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35498"
},
{
"date": "2021-11-02T08:58:00",
"db": "JVNDB",
"id": "JVNDB-2020-016051"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1013"
},
{
"date": "2023-11-26T11:15:07.937000",
"db": "NVD",
"id": "CVE-2020-35498"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161785"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "openvswitch\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1013"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.