Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-17205
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Sep, 2018 | 16:29
Updated At-04 Aug, 2021 | 17:14

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
openvswitch
openvswitch
>>openvswitch>>Versions from 2.7.0(inclusive) to 2.7.6(inclusive)
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openstack>>10
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openstack>>13
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Primarynvd@nist.gov
CWE ID: CWE-617
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2018:3500cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0053cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0081cve@mitre.org
Third Party Advisory
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6cve@mitre.org
Exploit
Patch
Third Party Advisory
https://usn.ubuntu.com/3873-1/cve@mitre.org
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3500
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0053
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0081
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
Source: cve@mitre.org
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3873-1/
Source: cve@mitre.org
Resource:
Third Party Advisory
Change History
0Changes found
Details not found