CVE-2021-3905

high

Description

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

References

Advisories
More

https://ubuntu.com/security/CVE-2021-3905

https://security.gentoo.org/glsa/202311-16

https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

https://bugzilla.redhat.com/show_bug.cgi?id=2019692

https://access.redhat.com/security/cve/CVE-2021-3905

https://github.com/openvswitch/ovs-issues/issues/226

Details

Source: Mitre, NVD

Published: 2022-08-23

Updated: 2023-11-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H