[ovs-dev] Bug#863661: openvswitch: CVE-2017-9264

Ben Pfaff blp at ovn.org
Mon May 29 23:35:30 UTC 2017


severity 863661 normal
thanks

On Mon, May 29, 2017 at 10:14:49PM +0200, Salvatore Bonaccorso wrote:
> Source: openvswitch
> Version: 2.6.2~pre+git20161223-3
> Severity: important
> Tags: patch upstream security
> 
> Hi,
> 
> the following vulnerability was published for openvswitch.
> 
> CVE-2017-9264[0]:
> | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS)
> | 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP,
> | and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`,
> | and `extract_l4_udp` that can be triggered remotely.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This only affects the userspace datapath, most often used in the context
of DPDK, which isn't enabled in the Debian packaging.  In addition, the
fact that it's a buffer overread (which makes it difficult to use to
crash OVS or change its behavior) and the fact that end-to-end TCP
checksum verification would catch it lead me to believe that this is
only "normal" severity, so I'm updating it (with this email).

Thanks,

Ben.
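
The kind of length validation whose absence produces an over-read like the one in the CVE text above, as an added example that is not part of the original message and is not Open vSwitch code. The names parse_tcp, parse_udp and struct l4_ports are hypothetical, and the sample packets are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_MIN_HDR 20u   /* fixed TCP header without options */
#define UDP_HDR      8u

struct l4_ports { uint16_t src, dst; };   /* hypothetical result type */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* len is the number of bytes actually present after the L3 header. */
bool parse_tcp(const uint8_t *data, size_t len, struct l4_ports *out)
{
    if (len < TCP_MIN_HDR) return false;            /* fixed header truncated */
    size_t hdr_len = (size_t)(data[12] >> 4) * 4;   /* data offset, 32-bit words */
    if (hdr_len < TCP_MIN_HDR || hdr_len > len)     /* options would run past buffer */
        return false;
    out->src = rd16(data);
    out->dst = rd16(data + 2);
    return true;
}

bool parse_udp(const uint8_t *data, size_t len, struct l4_ports *out)
{
    if (len < UDP_HDR) return false;
    size_t udp_len = rd16(data + 4);                /* claimed header + payload */
    if (udp_len < UDP_HDR || udp_len > len) return false;
    out->src = rd16(data);
    out->dst = rd16(data + 2);
    return true;
}

/* Constructed samples: one valid and one malformed segment per protocol. */
const uint8_t tcp_ok[20]      = {0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xFF,0xFF, 0,0, 0,0};
const uint8_t tcp_bad_off[20] = {0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0xF0,0x02, 0xFF,0xFF, 0,0, 0,0};
const uint8_t udp_ok[12]      = {0xC0,0x00, 0x00,0x35, 0x00,0x0C, 0,0, 'p','i','n','g'};
const uint8_t udp_bad_len[12] = {0xC0,0x00, 0x00,0x35, 0x01,0x00, 0,0, 'p','i','n','g'};

int main(void)
{
    struct l4_ports p;
    printf("tcp_ok=%d tcp_bad_off=%d udp_ok=%d udp_bad_len=%d\n",
           parse_tcp(tcp_ok, sizeof tcp_ok, &p),
           parse_tcp(tcp_bad_off, sizeof tcp_bad_off, &p),
           parse_udp(udp_ok, sizeof udp_ok, &p),
           parse_udp(udp_bad_len, sizeof udp_bad_len, &p));
    return 0;
}
```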

