CVE-2018-17204

EUVD-2018-8966
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
openvswitchopenvswitch
2.7.0 ≤
𝑥
≤ 2.7.6
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvswitch
bookworm
3.1.0-2+deb12u1
fixed
bookworm (security)
3.1.0-2+deb12u1
fixed
bullseye
2.15.0+ds1-2+deb11u5
fixed
bullseye (security)
2.15.0+ds1-2+deb11u5
fixed
jessie
not-affected
sid
3.4.0-1
fixed
trixie
3.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvswitch
bionic
Fixed 2.9.2-0ubuntu0.18.04.3
released
cosmic
not-affected
trusty
dne
xenial
Fixed 2.5.5-0ubuntu0.16.04.2
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3500
https://access.redhat.com/errata/RHSA-2019:0053
https://access.redhat.com/errata/RHSA-2019:0081
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
https://usn.ubuntu.com/3873-1/
https://access.redhat.com/errata/RHSA-2018:3500
https://access.redhat.com/errata/RHSA-2019:0053
https://access.redhat.com/errata/RHSA-2019:0081
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
https://usn.ubuntu.com/3873-1/