{
  "threat_severity" : "Moderate",
  "public_date" : "2021-01-13T00:00:00Z",
  "bugzilla" : {
    "description" : "lldp/openvswitch: denial of service via externally triggered memory leak",
    "id" : "1921438",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.", "A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability." ],
  "statement" : "Red Hat OpenStack Platform 13's openvswitch package will receive its fixes from Fast Datapath.",
  "affected_release" : [ {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 7",
    "release_date" : "2021-03-15T00:00:00Z",
    "advisory" : "RHSA-2021:0834",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath",
    "package" : "openvswitch2.11-0:2.11.3-86.el7fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 7",
    "release_date" : "2021-03-15T00:00:00Z",
    "advisory" : "RHSA-2021:0835",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath",
    "package" : "openvswitch2.13-0:2.13.0-81.el7fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 7",
    "release_date" : "2021-05-20T00:00:00Z",
    "advisory" : "RHSA-2021:2077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath",
    "package" : "openvswitch-0:2.9.9-1.el7fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2021-02-11T00:00:00Z",
    "advisory" : "RHSA-2021:0497",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch2.13-0:2.13.0-79.5.el8fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2021-03-15T00:00:00Z",
    "advisory" : "RHSA-2021:0837",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch2.11-0:2.11.3-83.el8fdp"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9158",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "lldpd-0:1.0.18-4.el9"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)",
    "release_date" : "2021-06-16T00:00:00Z",
    "advisory" : "RHSA-2021:2456",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "openvswitch2.11-0:2.11.3-86.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2021-05-20T00:00:00Z",
    "advisory" : "RHSA-2021:2077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "openvswitch-0:2.9.9-1.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2021-03-31T00:00:00Z",
    "advisory" : "RHSA-2021:1050",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "openvswitch2.11-0:2.11.3-86.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2021-03-31T00:00:00Z",
    "advisory" : "RHSA-2021:1050",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "ovn2.11-0:2.11.1-57.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2021-03-31T00:00:00Z",
    "advisory" : "RHSA-2021:1051",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.3.14-20210322.0.el7_9"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2021-03-23T00:00:00Z",
    "advisory" : "RHSA-2021:0976",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.4.4-20210307.0.el8_3"
  } ],
  "package_state" : [ {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "lldpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:13"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-27827\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27827\nhttps://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html" ],
  "name" : "CVE-2020-27827",
  "csaw" : false
}