CVE-2020-35498

Published: Feb 11, 2021Modified: Apr 23, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Affected (13)

Products: Openvswitch: Openvswitch · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Openvswitch Openvswitch	From 2.10.0 to 2.10.7
Openvswitch Openvswitch	From 2.11.0 to 2.11.6
Openvswitch Openvswitch	From 2.12.0 to 2.12.3
Openvswitch Openvswitch	From 2.13.0 to 2.13.3
Openvswitch Openvswitch	From 2.14.0 to 2.14.2
Openvswitch Openvswitch	From 2.5.0 to 2.5.12
Openvswitch Openvswitch	From 2.6.0 to 2.6.10
Openvswitch Openvswitch	From 2.7.0 to 2.7.13
Openvswitch Openvswitch	From 2.8.0 to 2.8.11
Openvswitch Openvswitch	From 2.9.0 to 2.9.9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (12)

https://bugzilla.redhat.com/show_bug.cgi?id=1908845

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/202311-16

Source: secalert@redhat.com

https://www.debian.org/security/2021/dsa-4852

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/02/10/4

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1908845

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202311-16

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2021/dsa-4852

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/02/10/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.