FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 05:51:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b53bbf58-257f-11e6-9f4d-20cf30e32f6dopenvswitch -- MPLS buffer overflow

Open vSwitch reports:

Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for exploitation vary depending on version:

Open vSwitch 2.1.x and earlier are not vulnerable.

In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be exploited for arbitrary remote code execution.

In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead to a remote code execution exploit, but testing shows that it can allow a remote denial of service. See the mitigation section for details.

Open vSwitch 2.5.x is not vulnerable.


Discovery 2016-03-28
Entry 2016-05-29
Modified 2016-07-03
openvswitch
>= 2.2.0 lt 2.3.3

>= 2.4.0 lt 2.4.1

CVE-2016-2074
http://openvswitch.org/pipermail/announce/2016-March/000082.html
http://openvswitch.org/pipermail/announce/2016-March/000083.html