[ovs-dev] Bug#877543: CVE-2017-14970

Ben Pfaff blp at ovn.org
Mon Oct 2 19:03:14 UTC 2017


On Mon, Oct 02, 2017 at 08:33:30PM +0200, Moritz Mühlenhoff wrote:
> On Mon, Oct 02, 2017 at 10:33:06AM -0700, Ben Pfaff wrote:
> > On Mon, Oct 02, 2017 at 07:17:59PM +0200, Moritz Muehlenhoff wrote:
> > > Source: openvswitch
> > > Severity: important
> > > Tags: security
> > > 
> > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14970
> > 
> > We don't think that these memory leaks are important because they can
> > only come from the OpenFlow controller, which has more powerful ways to
> > force memory allocations; for example, by inserting large numbers of
> > flows.
> 
> Ok. We've only learned about this CVE ID from the daily feed updates
> from MITRE. Since you're upstream, could you contact MITRE via
> https://cveform.mitre.org (and selecting the "Request an update to an 
> existing CVE Entry" option) to have them mark the CVE ID as disputed
> or rejected?

OK, done.


More information about the dev mailing list