CVE-2016-10377

Published: 29 May 2017

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.1+git20161123-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2.5.2-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])