DEBIAN-CVE-2017-14970

DEBIAN-CVE-2017-14970 PUBLISHED CVSS 5.900000095367432 MEDIUM

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Risk Scores

CVSS v3.0

5.900000095367432

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	openvswitch	0, 0, 0
Debian:12	openvswitch	0, 0, 0
Debian:13	openvswitch	0, 0, 0
Debian:14	openvswitch	0, 0, 0

Timeline

Oct 2, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-14970 advisory

Open in Interactive Console →