CVE-2018-17204

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-17204

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17204.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-17204

Related

Published

2018-09-19T16:29:00Z

Modified

2024-09-18T02:12:40.674942Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVSNOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

References

Affected packages

Debian:11 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openvswitch/ovs

Affected ranges

Type: GIT
Repo: https://github.com/openvswitch/ovs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4af6da3b275b764b1afe194df6499b33d2bf4cde

Affected versions

v0.*

v0.90.0

v0.90.1

v0.90.2

v0.90.3

v0.90.4

v0.90.6

v0.90.7

v0.99.0

v0.99.1

v0.99.2

v1.*

v1.0.0

v1.0.1

v1.1.0pre1

v1.1.0pre2

v2.*

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6