[ovs-dev] Bug#877543: CVE-2017-14970

Moritz Mühlenhoff jmm at inutil.org
Mon Oct 2 18:33:30 UTC 2017


On Mon, Oct 02, 2017 at 10:33:06AM -0700, Ben Pfaff wrote:
> On Mon, Oct 02, 2017 at 07:17:59PM +0200, Moritz Muehlenhoff wrote:
> > Source: openvswitch
> > Severity: important
> > Tags: security
> > 
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14970
> 
> We don't think that these memory leaks are important because they can
> only come from the OpenFlow controller, which has more powerful ways to
> force memory allocations; for example, by inserting large numbers of
> flows.

Ok. We've only learned about this CVE ID from the daily feed updates
from MITRE. Since you're upstream, could you contact MITRE via
https://cveform.mitre.org (and selecting the "Request an update to an 
existing CVE Entry" option) to have them mark the CVE ID as disputed
or rejected?

Cheers,
        Moritz


More information about the dev mailing list