CVE-2017-9214

Published: 23 May 2017

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: openvswitch

Release: Status
Upstream: Needs triage
Ubuntu 16.04 LTS (Xenial Xerus): Released (2.5.2-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [code not present])

Patches:
Upstream: https://github.com/openvswitch/ovs/commit/fafbfa6ea46911aeb0083f166fed215ca71e22b6