CVE-2016-2074 - OpenCVE

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openvswitch	Openvswitch
Redhat	Openshift

Configuration 1 [-]

OR	cpe:2.3:a:openvswitch:openvswitch:2.2.0:::::::*
	cpe:2.3:a:openvswitch:openvswitch:2.3.0:::::::*
	cpe:2.3:a:openvswitch:openvswitch:2.3.1:::::::*
	cpe:2.3:a:openvswitch:openvswitch:2.3.2:::::::*
	cpe:2.3:a:openvswitch:openvswitch:2.4.0:::::::*

Configuration 2 [-]

cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*

References

Link	Resource
http://openvswitch.org/pipermail/announce/2016-March/000082.html	Vendor Advisory
http://openvswitch.org/pipermail/announce/2016-March/000083.html	Patch
http://rhn.redhat.com/errata/RHSA-2016-0523.html
http://rhn.redhat.com/errata/RHSA-2016-0524.html
http://rhn.redhat.com/errata/RHSA-2016-0537.html
http://www.debian.org/security/2016/dsa-3533
http://www.securityfocus.com/bid/85700
https://access.redhat.com/errata/RHSA-2016:0615
https://bugzilla.redhat.com/show_bug.cgi?id=1318553
https://security-tracker.debian.org/tracker/CVE-2016-2074
https://security.gentoo.org/glsa/201701-07
https://support.citrix.com/article/CTX232655

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-07-03T21:00:00

Updated: 2018-03-22T09:57:01

Reserved: 2016-01-26T00:00:00

Link: CVE-2016-2074

JSON object: View

NVD Information

Status : Modified

Published: 2016-07-03T21:59:10.837

Modified: 2018-03-23T01:29:00.523

Link: CVE-2016-2074

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-22T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"}, {"name": "RHSA-2016:0537", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"}, {"name": "RHSA-2016:0524", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"}, {"name": "DSA-3533", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3533"}, {"name": "RHSA-2016:0615", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:0615"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"}, {"name": "GLSA-201701-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-07"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX232655"}, {"name": "RHSA-2016:0523", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"}, {"name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"}, {"name": "85700", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/85700"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", "refsource": "MLIST", "url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"}, {"name": "RHSA-2016:0537", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"}, {"name": "RHSA-2016:0524", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"}, {"name": "DSA-3533", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3533"}, {"name": "RHSA-2016:0615", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:0615"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2016-2074", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"}, {"name": "GLSA-201701-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-07"}, {"name": "https://support.citrix.com/article/CTX232655", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX232655"}, {"name": "RHSA-2016:0523", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"}, {"name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", "refsource": "MLIST", "url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"}, {"name": "85700", "refsource": "BID", "url": "http://www.securityfocus.com/bid/85700"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2074", "datePublished": "2016-07-03T21:00:00", "dateReserved": "2016-01-26T00:00:00", "dateUpdated": "2018-03-22T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A796838-9780-419B-9EAD-2360626C4695", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B37942A8-CBC2-4750-9299-E39076F1D6F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "30BB36D5-5E72-40BC-8C38-1804F48E0D30", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D03F8D4-40DA-4B83-8C5A-571DF817081D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "166C64EF-1F33-4257-AA88-83B37C128B9D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."}, {"lang": "es", "value": "Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes MPLS manipulados, seg\u00fan lo demostrado por una cadena larga en un comando ovs-appctl."}], "id": "CVE-2016-2074", "lastModified": "2018-03-23T01:29:00.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-03T21:59:10.837", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3533"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/85700"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2016:0615"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"}, {"source": "cve@mitre.org", "url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-07"}, {"source": "cve@mitre.org", "url": "https://support.citrix.com/article/CTX232655"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}