| Title | Open vSwitch におけるリソースの枯渇に関する脆弱性 |
|---|---|
| Summary | Open vSwitch には、リソースの枯渇に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 22, 2020, midnight |
| Registration Date | Nov. 30, 2021, 3:47 p.m. |
| Last Update | Nov. 30, 2021, 3:47 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS2.0 : 危険 | |
| Score | 7.1 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| lldpd project |
| lldpd |
| レッドハット |
| Red Hat Enterprise Linux |
| Red Hat OpenShift Container Platform |
| Red Hat OpenStack |
| Red Hat Virtualization |
| Fedora Project |
| Fedora |
| Open vSwitch |
| Open vSwitch |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2021年11月30日] 掲載 |
Nov. 30, 2021, 3:47 p.m. |
| Summary | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. |
|---|---|
| Publication Date | March 19, 2021, 2:15 a.m. |
| Registration Date | March 19, 2021, 10:01 a.m. |
| Last Update | Nov. 21, 2024, 2:21 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:* | 1.0.8 | ||||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.6.0 | 2.6.9 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.7.0 | 2.7.12 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.8.0 | 2.8.10 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.9.0 | 2.9.8 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.10.0 | 2.10.6 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.11.0 | 2.11.5 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.12.0 | 2.12.2 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.13.0 | 2.13.2 | |||
| cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* | 2.14.0 | 2.14.1 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:* | 17 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:* | 2.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:* | 2.0.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:* | ||||