What is CVE-2017-14970?

CVE-2017-14970 is a medium-severity vulnerability in Openvswitch, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 5.9/10. Published 2017-10-02.

How severe is CVE-2017-14970?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Openvswitch

CVE-2017-14970

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an Open…

EPSS: 0.005 (66.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Openvswitch
N/a — versions n/a

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Mailing List, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Mailing List, Vendor Advisory)

Frequently asked questions

What is CVE-2017-14970?: CVE-2017-14970 is a medium-severity vulnerability in Openvswitch, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 5.9/10. Published 2017-10-02.
How severe is CVE-2017-14970?: Medium severity. CVSS v3 base score is 5.9 out of 10.