CVE-2020-35498
Advisory lineage Upstream: 0 Downstream: 20
Modified
Published: 11 Feb 2021, 00:00
Last modified:23 Apr 2025, 19:46
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
5.69% LOW
6% probability -0.08%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Feb 2021, 00:00
Published
Vulnerability first disclosed
23 Apr 2025, 19:46
Last Modified
Vulnerability information updated
Description
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 5.69%• Percentile: 91%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- debian•debian_linux
9.0 | 10.0
- fedoraproject•fedora
33
- openvswitch•openvswitch
≥ 2.5.0, < 2.5.12 | ≥ 2.6.0, < 2.6.10 | ≥ 2.7.0, < 2.7.13 | ≥ 2.8.0, < 2.8.11 | ≥ 2.9.0, < 2.9.9 | ≥ 2.10.0, < 2.10.7 | ≥ 2.11.0, < 2.11.6 | ≥ 2.12.0, < 2.12.3 | ≥ 2.13.0, < 2.13.3 | ≥ 2.14.0, < 2.14.2
References (6)
- https://bugzilla.redhat.com/show_bug.cgi?id=1908845
- https://www.openwall.com/lists/oss-security/2021/02/10/4
- https://www.debian.org/security/2021/dsa-4852
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
- https://security.gentoo.org/glsa/202311-16