VDB

CVE-2020-35498

CVE-2020-35498 PUBLISHED

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

EPSS 5.69% · 90.6th percentile

Risk Scores

EPSS Score
5.69%
90.6th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSopenvswitch0, 2.4.0-0ubuntu5, 2.5.0~git20160129.46a88d9-0ubuntu1
Ubuntu:20.04:LTSopenvswitch2.12.0-0ubuntu1, 2.12.0-0ubuntu2, 2.12.1~git20191107.7accd1302-0ubuntu1
Ubuntu:18.04:LTSopenvswitch0, 2.8.0-0ubuntu2, 2.8.1-0ubuntu2

Timeline

  • Feb 10, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 4, 2022 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 3, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›