DEBIAN-CVE-2018-17204

DEBIAN-CVE-2018-17204 PUBLISHED CVSS 4.300000190734863 MEDIUM

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian	openvswitch
Debian:13	openvswitch	0, 0, 0
Debian:12	openvswitch	0, 0, 0
Debian:14	openvswitch	0, 0, 0
Debian:11	openvswitch	0, 0, 0

Timeline

Sep 19, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-17204 advisory

Open in Interactive Console →