Openvswitch
By the Year
In 2024 there have been 1 vulnerability in Openvswitch with an average score of 7.5 out of ten. Last year Openvswitch had 3 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.87
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.50 |
| 2023 | 3 | 8.37 |
| 2022 | 3 | 6.60 |
| 2021 | 3 | 6.83 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 5.57 |
It may take a day or so for new Openvswitch vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Openvswitch Security Vulnerabilities
openvswitch 2.17.8 was discovered to contain a memory leak
CVE-2024-22563
7.5 - High
- January 19, 2024
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
Memory Leak
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules
CVE-2023-5366
5.5 - Medium
- October 06, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Insufficient Verification of Data Authenticity
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
CVE-2022-4338
9.8 - Critical
- January 10, 2023
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Out-of-bounds Read
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
CVE-2022-4337
9.8 - Critical
- January 10, 2023
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
Out-of-bounds Read
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data
CVE-2019-25076
5.8 - Medium
- September 08, 2022
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
A flaw was found in dpdk
CVE-2022-0669
6.5 - Medium
- August 29, 2022
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing
CVE-2021-3905
7.5 - High
- August 23, 2022
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Memory Leak
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called
CVE-2021-36980
5.5 - Medium
- July 20, 2021
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Dangling pointer
A flaw was found in multiple versions of OpenvSwitch
CVE-2020-27827
7.5 - High
- March 18, 2021
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Resource Exhaustion
A vulnerability was found in openvswitch
CVE-2020-35498
7.5 - High
- February 11, 2021
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Resource Exhaustion
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c
CVE-2018-17204
4.3 - Medium
- September 19, 2018
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
assertion failure
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c
CVE-2018-17205
7.5 - High
- September 19, 2018
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
assertion failure
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6
CVE-2018-17206
4.9 - Medium
- September 19, 2018
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
Out-of-bounds Read
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read
CVE-2017-9214
9.8 - Critical
- May 23, 2017
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Integer underflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Openvswitch? Click the Watch button to subscribe.
