CVE Tools

openvswitch

Networking Infrastructureoss-project

9

Cumulative CVEs

3

Monthly snapshots

#73

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting openvswitch.

CVE-2023-3966Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet7.5Feb 22, 2024
CVE-2024-22563openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.7.5Jan 19, 2024
CVE-2023-5366Openvswitch don't match packets on nd_target field7.1Oct 6, 2023
CVE-2022-4337An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.9.8Jan 10, 2023
CVE-2022-4338An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.9.8Jan 10, 2023
CVE-2019-25076The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that ...5.8Sep 8, 2022
CVE-2022-0669A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages ...6.5Aug 29, 2022
CVE-2021-3905A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.7.5Aug 23, 2022
CVE-2021-36980Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.5.5Jul 20, 2021
CVE-2020-27827A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial ...7.5Mar 18, 2021
CVE-2020-35498A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow...7.5Feb 11, 2021
CVE-2018-17206An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.4.9Sep 19, 2018
CVE-2018-17204An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and comm...4.3Sep 19, 2018
CVE-2018-17205An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofprot...7.5Sep 19, 2018
CVE-2017-14970In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, st...5.9Oct 1, 2017