CVE-2026-36499

Published: Jun 4, 2026Modified: Jun 5, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

http://open.com

Source: cve@mitre.org

https://github.com/majdlatah/OVS-Other-Config-Bug

Source: cve@mitre.org

https://github.com/majdlatah/OVS-Other-Config-Bug

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.