CVE-2021-3905

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
openvswitchopenvswitch
𝑥
< 2.17.0
redhatenterprise_linux_fast_datapath
7.0
redhatenterprise_linux_fast_datapath
8.0
canonicalubuntu_linux
21.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvswitch
bullseye (security)
2.15.0+ds1-2+deb11u5
fixed
bullseye
2.15.0+ds1-2+deb11u5
fixed
bookworm
3.1.0-2+deb12u1
fixed
bookworm (security)
3.1.0-2+deb12u1
fixed
sid
3.4.0-1
fixed
trixie
3.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvswitch
jammy
not-affected
impish
Fixed 2.16.0-0ubuntu2.1
released
hirsute
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-3905
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
https://github.com/openvswitch/ovs-issues/issues/226
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
https://security.gentoo.org/glsa/202311-16
https://ubuntu.com/security/CVE-2021-3905
https://access.redhat.com/security/cve/CVE-2021-3905
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
https://github.com/openvswitch/ovs-issues/issues/226
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
https://security.gentoo.org/glsa/202311-16
https://ubuntu.com/security/CVE-2021-3905