Vulnerabilities > Openvswitch > Openvswitch > 2.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-29 | CVE-2017-9265 | Out-of-bounds Read vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | 7.5 |
2017-05-29 | CVE-2017-9263 | Improper Input Validation vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 3.3 |
2017-05-23 | CVE-2017-9214 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | 7.5 |