CVE-2017-14970 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-14970 Interim 1 17 2022-11-30T02:19:06Z current 2021-05-30T14:02:37Z 2022-11-30T02:19:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-14970 In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2017-December/003478.html E-Mail link for SUSE-SU-2017:3232-1 https://lists.suse.com/pipermail/sle-security-updates/2018-January/003692.html E-Mail link for SUSE-SU-2018:0311-1 https://lists.suse.com/pipermail/sle-security-updates/2018-February/003744.html E-Mail link for SUSE-SU-2018:0505-1 https://lists.opensuse.org/opensuse-updates/2017-12/msg00029.html E-Mail link for openSUSE-SU-2017:3238-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libopenvswitch-2_11-0 libopenvswitch-2_8-0 openvswitch openvswitch-2.5.1-25.12.7 openvswitch-2.5.1-6.4.7 openvswitch-2.7.0-3.10.1 openvswitch-devel openvswitch-dpdk-2.5.1-25.12.8 openvswitch-dpdk-switch-2.5.1-25.12.8 openvswitch-kmp-default-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-kmp-xen-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-switch openvswitch-switch-2.5.1-25.12.7 openvswitch-switch-2.5.1-6.4.7 openvswitch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server 12 SP2 openvswitch-dpdk-2.5.1-25.12.8 as a component of SUSE Linux Enterprise Server 12 SP2 openvswitch-dpdk-switch-2.5.1-25.12.8 as a component of SUSE Linux Enterprise Server 12 SP2 openvswitch-switch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server 12 SP2 openvswitch-2.7.0-3.10.1 as a component of SUSE Linux Enterprise Server 12 SP3 openvswitch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 openvswitch-switch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 openvswitch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openvswitch-dpdk-2.5.1-25.12.8 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openvswitch-dpdk-switch-2.5.1-25.12.8 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openvswitch-switch-2.5.1-25.12.7 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openvswitch-2.7.0-3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openvswitch-2.5.1-6.4.7 as a component of SUSE OpenStack Cloud 6 openvswitch-kmp-default-2.5.1_k3.12.74_60.64.69-6.4.7 as a component of SUSE OpenStack Cloud 6 openvswitch-kmp-xen-2.5.1_k3.12.74_60.64.69-6.4.7 as a component of SUSE OpenStack Cloud 6 openvswitch-switch-2.5.1-6.4.7 as a component of SUSE OpenStack Cloud 6 libopenvswitch-2_11-0 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS openvswitch as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS openvswitch-devel as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS openvswitch as a component of SUSE Linux Enterprise Server 12 SP2-BCL openvswitch-switch as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenvswitch-2_8-0 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS openvswitch as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS libopenvswitch-2_8-0 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS openvswitch as a component of SUSE Linux Enterprise Server 12 SP4-LTSS openvswitch as a component of SUSE Linux Enterprise Server 15-ESPOS libopenvswitch-2_11-0 as a component of SUSE Linux Enterprise Server 15-LTSS openvswitch as a component of SUSE Linux Enterprise Server 15-LTSS openvswitch-devel as a component of SUSE Linux Enterprise Server 15-LTSS libopenvswitch-2_8-0 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openvswitch as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libopenvswitch-2_11-0 as a component of SUSE Linux Enterprise Server for SAP Applications 15 openvswitch as a component of SUSE Linux Enterprise Server for SAP Applications 15 openvswitch-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 libopenvswitch-2_8-0 as a component of SUSE OpenStack Cloud 9 openvswitch as a component of SUSE OpenStack Cloud 9 libopenvswitch-2_8-0 as a component of SUSE OpenStack Cloud Crowbar 9 openvswitch as a component of SUSE OpenStack Cloud Crowbar 9 In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." CVE-2017-14970 SUSE Linux Enterprise Server 12 SP2:openvswitch-2.5.1-25.12.7 SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-2.5.1-25.12.8 SUSE Linux Enterprise Server 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8 SUSE Linux Enterprise Server 12 SP2:openvswitch-switch-2.5.1-25.12.7 SUSE Linux Enterprise Server 12 SP3:openvswitch-2.7.0-3.10.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvswitch-2.5.1-25.12.7 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvswitch-switch-2.5.1-25.12.7 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvswitch-2.5.1-25.12.7 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvswitch-dpdk-2.5.1-25.12.8 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvswitch-dpdk-switch-2.5.1-25.12.8 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openvswitch-switch-2.5.1-25.12.7 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openvswitch-2.7.0-3.10.1 SUSE OpenStack Cloud 6:openvswitch-2.5.1-6.4.7 SUSE OpenStack Cloud 6:openvswitch-kmp-default-2.5.1_k3.12.74_60.64.69-6.4.7 SUSE OpenStack Cloud 6:openvswitch-kmp-xen-2.5.1_k3.12.74_60.64.69-6.4.7 SUSE OpenStack Cloud 6:openvswitch-switch-2.5.1-6.4.7 SUSE Linux Enterprise High Performance Computing 15-LTSS:libopenvswitch-2_11-0 SUSE Linux Enterprise High Performance Computing 15-LTSS:openvswitch SUSE Linux Enterprise High Performance Computing 15-LTSS:openvswitch-devel SUSE Linux Enterprise Server 12 SP4-ESPOS:libopenvswitch-2_8-0 SUSE Linux Enterprise Server 12 SP4-ESPOS:openvswitch SUSE Linux Enterprise Server 12 SP4-LTSS:libopenvswitch-2_8-0 SUSE Linux Enterprise Server 12 SP4-LTSS:openvswitch SUSE Linux Enterprise Server 15-ESPOS:openvswitch SUSE Linux Enterprise Server 15-LTSS:libopenvswitch-2_11-0 SUSE Linux Enterprise Server 15-LTSS:openvswitch SUSE Linux Enterprise Server 15-LTSS:openvswitch-devel SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenvswitch-2_8-0 SUSE Linux Enterprise Server for SAP Applications 12 SP4:openvswitch SUSE Linux Enterprise Server for SAP Applications 15:libopenvswitch-2_11-0 SUSE Linux Enterprise Server for SAP Applications 15:openvswitch SUSE Linux Enterprise Server for SAP Applications 15:openvswitch-devel SUSE OpenStack Cloud 9:libopenvswitch-2_8-0 SUSE OpenStack Cloud 9:openvswitch SUSE OpenStack Cloud Crowbar 9:libopenvswitch-2_8-0 SUSE OpenStack Cloud Crowbar 9:openvswitch SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch SUSE Linux Enterprise Server 12 SP2-BCL:openvswitch-switch moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L