ALT-PU-2017-1535-1
Package openvswitch updated to version 2.5.2-alt1.M80P.1 for branch p8 in task 182235.
Closed vulnerabilities
Published: 2016-07-03
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-2074
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://openvswitch.org/pipermail/announce/2016-March/000082.html
- http://openvswitch.org/pipermail/announce/2016-March/000083.html
- http://rhn.redhat.com/errata/RHSA-2016-0523.html
- http://rhn.redhat.com/errata/RHSA-2016-0524.html
- http://rhn.redhat.com/errata/RHSA-2016-0537.html
- http://www.debian.org/security/2016/dsa-3533
- http://www.securityfocus.com/bid/85700
- https://access.redhat.com/errata/RHSA-2016:0615
- https://bugzilla.redhat.com/show_bug.cgi?id=1318553
- https://security-tracker.debian.org/tracker/CVE-2016-2074
- https://security.gentoo.org/glsa/201701-07
- https://support.citrix.com/article/CTX232655
- http://openvswitch.org/pipermail/announce/2016-March/000082.html
- http://openvswitch.org/pipermail/announce/2016-March/000083.html
- http://rhn.redhat.com/errata/RHSA-2016-0523.html
- http://rhn.redhat.com/errata/RHSA-2016-0524.html
- http://rhn.redhat.com/errata/RHSA-2016-0537.html
- http://www.debian.org/security/2016/dsa-3533
- http://www.securityfocus.com/bid/85700
- https://access.redhat.com/errata/RHSA-2016:0615
- https://bugzilla.redhat.com/show_bug.cgi?id=1318553
- https://security-tracker.debian.org/tracker/CVE-2016-2074
- https://security.gentoo.org/glsa/201701-07
- https://support.citrix.com/article/CTX232655
Published: 2022-09-28
Modified: 2025-05-21
Modified: 2025-05-21
CVE-2022-32166
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
References:
- https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
- https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
- https://www.mend.io/vulnerability-database/CVE-2022-32166
- https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
- https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
- https://www.mend.io/vulnerability-database/CVE-2022-32166