openvswitch

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Production Quality, Multilayer Open Virtual Switch
Version	3.5.1-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2516	2.16.0-1	2.16.1-1	Medium	Fixed
AVG-2177	2.14.2-1	2.15.1-1	Medium	Fixed
AVG-1564	2.14.1-1	2.14.2-1	Medium	Fixed
AVG-1456	2.14.0-1	2.14.1-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-36980	AVG-2177	Medium	No	Arbitrary code execution	Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after- free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during...
CVE-2021-3905	AVG-2516	Medium	Yes	Information disclosure	A vulnerability was found in Openvswitch before version 2.16.1 where a memory leak exists during userspace ip fragmentation processing which causes...
CVE-2020-35498	AVG-1564	Medium	Yes	Incorrect calculation	Multiple versions of Open vSwitch are vulnerable to potential problems like denial of service attacks, in which crafted network packets could cause the...
CVE-2020-27827	AVG-1456	Medium	Yes	Information disclosure	A security issue was found in lldpd before version 1.0.8. A packet that contains multiple instances of certain TLVs will cause lldpd to continually allocate...
CVE-2015-8011	AVG-1456	Medium	Yes	Arbitrary code execution	A buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon...

Advisories

Date	Advisory	Group	Severity	Type
20 Jul 2021	ASA-202107-40	AVG-2177	Medium	arbitrary code execution
20 Jan 2021	ASA-202101-28	AVG-1456	Medium	multiple issues