CVE-2017-9214
Severity CVSS v4.0:
Pending analysis
Type:
CWE-191
Integer Underflow (Wrap or Wraparound)
Publication date:
23/05/2017
Last modified:
20/04/2025
Description
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2017:2418
- https://access.redhat.com/errata/RHSA-2017:2553
- https://access.redhat.com/errata/RHSA-2017:2648
- https://access.redhat.com/errata/RHSA-2017:2665
- https://access.redhat.com/errata/RHSA-2017:2692
- https://access.redhat.com/errata/RHSA-2017:2698
- https://access.redhat.com/errata/RHSA-2017:2727
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
- https://access.redhat.com/errata/RHSA-2017:2418
- https://access.redhat.com/errata/RHSA-2017:2553
- https://access.redhat.com/errata/RHSA-2017:2648
- https://access.redhat.com/errata/RHSA-2017:2665
- https://access.redhat.com/errata/RHSA-2017:2692
- https://access.redhat.com/errata/RHSA-2017:2698
- https://access.redhat.com/errata/RHSA-2017:2727
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html