Vulnerability CVE-2020-35498

Vulnerability Name:

CVE-2020-35498 (CCN-196600)

Assigned:

2020-12-17

Published:

2021-02-10

Updated:

2021-03-17

Summary:

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-400

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-35498

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1908845

Source: XF
Type: UNKNOWN
openvswitch-cve202035498-dos(196600)

Source: CCN
Type: Open vSwitch GIT Repository
flow: Support extra padding length.

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-fba11d37ee

Source: CCN
Type: oss-sec Mailing List, Wed, 10 Feb 2021 11:53:47 -0300
CVE-2020-35498: Open vSwitch: Packet parsing vulnerability

Source: DEBIAN
Type: Third Party Advisory
DSA-4852

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/10/4

Vulnerable Configuration:

Configuration 1:

cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.5.0 and < 2.5.12)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.6.0 and < 2.6.10)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.7.13)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.8.0 and < 2.8.11)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.9.0 and < 2.9.9)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.10.0 and < 2.10.7)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.11.0 and < 2.11.6)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.12.0 and < 2.12.3)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.13.0 and < 2.13.3)

OR cpe:/a:openvswitch:openvswitch:*:*:*:*:*:*:*:* (Version >= 2.14.0 and < 2.14.2)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.8.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.9.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.10.0:*:*:*:*:*:*:*

OR cpe:/a:openvswitch:openvswitch:2.11.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8011	P	gmp-devel-32bit-6.1.2-4.9.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8085	P	libopenvswitch-2_14-0-2.14.2-150400.24.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7457	P	bzip2-1.0.8-150400.1.122 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7456	P	busybox-1.35.0-150500.8.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:52005	P	Security update for python-future (Moderate)	2023-01-12
oval:org.opensuse.security:def:93149	P	(Moderate)	2022-07-06
oval:org.opensuse.security:def:3492	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95122	P	libopenvswitch-2_14-0-2.14.2-150400.22.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:93302	P	(Important)	2022-06-10
oval:org.opensuse.security:def:99194	P	(Moderate)	2022-03-30
oval:org.opensuse.security:def:100098	P	(Important)	2022-03-15
oval:org.opensuse.security:def:5936	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:2254	P	libopenvswitch-2_14-0-2.14.2-17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2426	P	python2-ovs-2.11.5-3.15.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63343	P	libopenvswitch-2_14-0-2.14.2-17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63515	P	python2-ovs-2.11.5-3.15.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:102197	P	Security update for mariadb (Important)	2021-08-04
oval:org.opensuse.security:def:99389	P	(Important)	2021-06-22
oval:org.opensuse.security:def:59587	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:88560	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:24017	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:125650	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:59845	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:33764	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:89242	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:126818	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:34022	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:89500	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:127215	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:88243	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:111220	P	Security update for openvswitch (Important)	2021-02-13
oval:org.opensuse.security:def:30022	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:86189	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:54757	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:81099	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:33072	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:57548	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:84260	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:51160	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31338	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:86718	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:21407	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:55290	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:82141	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:28934	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:58077	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:84718	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:51728	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31725	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:87536	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:23172	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:55845	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:82674	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:29467	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:58895	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:85802	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:32254	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:23740	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:57161	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:83229	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:69100	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:98999	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:109448	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:97213	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:9838	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92996	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:70339	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:99787	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:67025	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:108863	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:95881	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:9083	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92439	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:102595	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:69585	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:97215	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:10199	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:118345	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:70529	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:68545	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:109260	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:95882	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:9445	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92638	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:102782	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:69779	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:97216	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:10389	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:118346	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:8698	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92049	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:68546	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:109261	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:96092	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:9639	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92837	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:69978	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:99588	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:76093	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:95484	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:118544	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:8888	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:92244	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:102594	P	Security update for openvswitch (Important)	2021-02-11

BACK