← Back

CVE-2021-3905

nvd nist
Published: Aug 23, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Affected (5)

Show all products
Openvswitch: Openvswitch · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux Fast Datapath
Openvswitch
1 product
Openvswitch
Canonical
1 product
Ubuntu Linux
Fedoraproject
1 product
Fedora
Redhat
1 product
Enterprise Linux Fast Datapath
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openvswitch
Before 2.17.0
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 21.10
Fedora
Version 35
Redhat
Enterprise Linux Fast Datapath
Version 7.0
Enterprise Linux Fast Datapath
Version 8.0

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (12)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.