Your submission was sent successfully! Close

CVE-2021-3905

Published: 8 November 2021

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Notes

AuthorNote
mdeslaur
introduced by https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
openvswitch
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(2.9.8-0ubuntu0.18.04.2)
focal Not vulnerable
(2.13.3-0ubuntu0.20.04.2)
hirsute Not vulnerable
(2.15.0-0ubuntu3.1)
impish
Released (2.16.0-0ubuntu2.1)
jammy Not vulnerable
(2.17.0~git20220105.0d1ffb7-0ubuntu1)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349