#VU16578 Assertion failure in Open vSwitch
Vulnerability identifier: #VU16578
Vulnerability risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-617
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Open vSwitch
Hardware solutions /
Firmware
Vendor: openvswitch.org
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in parse_group_prop_ntr_selection_method in lib/ofp-util.c due to validation of the group type and command after the whole group mod has been decoded. A remote attacker can trigger an an assertion failure via OVS_NOT_REACHED when the OF1.5 decoder tries to use the type and command earlier, when it might still be invalid.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Open vSwitch: 2.7.0 - 2.7.6
External links
http://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
