ovs 2.6.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the ovs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Denial of Service (DoS) `ovs` is Open vSwitch library. Affected versions of the package are vulnerable to Denial of Service (DoS). In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. How to fix Denial of Service (DoS)? Upgrade `ovs` to version 2.7.2 or higher.	[,2.7.2)
C Denial of Service (DoS) `ovs` is Open vSwitch library. Affected versions of the package are vulnerable to Denial of Service (DoS). In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. How to fix Denial of Service (DoS)? Upgrade `ovs` to version 2.7.1 or higher.	[,2.7.1)
C Denial of Service (DoS) `ovs` is Open vSwitch library. Affected versions of the package are vulnerable to Denial of Service (DoS). In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. How to fix Denial of Service (DoS)? Upgrade `ovs` to version 2.7.2 or higher.	[,2.7.2)

Vulnerability

Vulnerable Version

Denial of Service (DoS)

ovs is Open vSwitch library.

Affected versions of the package are vulnerable to Denial of Service (DoS). In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions extract_l3_ipv6, extract_l4_tcp, and extract_l4_udp that can be triggered remotely.

How to fix Denial of Service (DoS)?

Upgrade ovs to version 2.7.2 or higher.

[,2.7.2)

Denial of Service (DoS)

ovs is Open vSwitch library.

Affected versions of the package are vulnerable to Denial of Service (DoS). In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c.

How to fix Denial of Service (DoS)?

Upgrade ovs to version 2.7.1 or higher.

[,2.7.1)

Denial of Service (DoS)

ovs is Open vSwitch library.

Affected versions of the package are vulnerable to Denial of Service (DoS). In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputil_pull_ofp15_group_mod.

How to fix Denial of Service (DoS)?

Upgrade ovs to version 2.7.2 or higher.

[,2.7.2)

ovs@2.6.0 vulnerabilities

Open vSwitch library

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically