A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C
Vendors Products
Lldpd Project
  • Lldpd
Redhat
  • Enterprise Linux
  • Openshift Container Platform
  • Virtualization
  • Openstack
Siemens
  • Simatic Net Cp 1545-1
  • Simatic Net Cp 1243-8 Irc
  • Simatic Net Cp 1543sp-1 Firmware
  • Simatic Net Cp 1543sp-1
  • Sinumerik One Firmware
  • Simatic Hmi Unified Comfort Panels
  • Simatic Net Cp 1542sp-1 Irc Firmware
  • Simatic Net Cp 1243-1
  • Simatic Net Cp 1542sp-1 Irc
  • Simatic Net Cp 1542sp-1 Firmware
  • Tim 1531 Irc Firmware
  • Simatic Net Cp 1243-8 Irc Firmware
  • Simatic Net Cp 1543-1
  • Simatic Net Cp 1543-1 Firmware
  • Tim 1531 Irc
  • Sinumerik One
  • Simatic Hmi Unified Comfort Panels Firmware
  • Simatic Net Cp 1542sp-1
  • Simatic Net Cp 1545-1 Firmware
  • Simatic Net Cp 1243-1 Firmware
Openvswitch
  • Openvswitch
Fedoraproject
  • Fedora

Configuration 1 [-]

OR cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1921438 Issue Tracking Mitigation Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html Mailing List Mitigation Vendor Advisory
https://security.gentoo.org/glsa/202311-16
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-18T00:00:00

Updated: 2023-11-26T11:06:15.202997

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27827

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2021-03-18T17:15:13.510

Modified: 2023-11-26T11:15:07.307

Link: CVE-2020-27827

JSON object: View

cve-icon Redhat Information

No data.

CWE