VDB
CVE-2018-17204
CVE-2018-17204
PUBLISHED
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
EPSS 1.13% · 78.6th percentile
Risk Scores
EPSS Score
1.13%
78.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | openvswitch | 0, 2.8.1-0ubuntu2, 2.8.1-0ubuntu3 |
| Ubuntu:16.04:LTS | openvswitch | 2.5.2-0ubuntu0.16.04.2, 2.5.4-0ubuntu0.16.04.1, 2.5.5-0ubuntu0.16.04.1 |
Timeline
- Sep 19, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-17204 third-party-advisory
- https://ubuntu.com/security/notices/USN-3873-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-17204 third-party-advisory