CVE-2017-9263

Published: 29 May 2017

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.5.2-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://github.com/openvswitch/ovs/commit/b76d4a81b8fbbc339d33b767e141c473ba350678