9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.0%
A vulnerability in the Open vSwitch software tiered switch is related to loss of integer significance when parsing Auto Attach TLVs.
integer when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages.
remotely, send specially crafted LLDP messages to a vulnerable system, trigger an integer
loss of significance and execute arbitrary code on the target system
The Open vSwitch software tiered switch vulnerability is related to boundary conditions in the
Auto Attach TLV parsing. Exploitation of the vulnerability could allow an attacker acting remotely,
send specially crafted LLDP messages to a vulnerable system, cause a read error outside of the
boundaries, and read the contents of memory on the system to perform a denial of service (DoS) attack
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | openvswitch | <= 2.16.0-3 | UNKNOWN |