CVE-2021-3905

Name
CVE-2021-3905
Description
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2019692
MISC https://ubuntu.com/security/CVE-2021-3905
MISC https://access.redhat.com/security/cve/CVE-2021-3905
MISC https://github.com/openvswitch/ovs-issues/issues/226
MISC https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* openvswitch >= None < 2.17.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openvswitch edge-community 2.13.6-r0 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable
openvswitch edge-community 2.12.3-r4 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable
openvswitch edge-community 2.12.3-r3 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable
openvswitch edge-community 2.12.3-r2 Stuart Cardall <developer@it-offshore.co.uk> possibly vulnerable
openvswitch edge-community 2.12.3-r0 None possibly vulnerable
openvswitch edge-community 2.12.2-r0 None possibly vulnerable
openvswitch edge-community 2.12.1-r0 None possibly vulnerable
openvswitch 3.22-community 2.12.3-r2 None possibly vulnerable
openvswitch 3.22-community 2.12.3-r0 None possibly vulnerable
openvswitch 3.22-community 2.12.2-r0 None possibly vulnerable
openvswitch 3.22-community 2.12.1-r0 None possibly vulnerable