CVE-2017-9265

Published: 29 May 2017

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.5.2-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/openvswitch/ovs/commit/1752ea92dc11935e0595d208fdfe8203baf5b55c