CVE-2021-3905

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

References

Affected packages

Git / github.com/openvswitch/ovs

Affected ranges

Type: GIT
Repo: https://github.com/openvswitch/ovs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

803ed12e31b0377c37d7aa8c94b3b92f2081e349

Affected versions

v0.*

v0.90.0

v0.90.1

v0.90.2

v0.90.3

v0.90.4

v0.90.6

v0.90.7

v0.99.0

v0.99.1

v0.99.2

v1.*

v1.0.0

v1.0.1

v1.1.0pre1

v1.1.0pre2

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2021-3905-2f55292c",
            "signature_type": "Function",
            "target": {
                "file": "lib/ipf.c",
                "function": "ipf_extract_frags_from_batch"
            },
            "deprecated": false,
            "digest": {
                "length": 620.0,
                "function_hash": "59206550191124162597306143656796702807"
            },
            "signature_version": "v1",
            "source": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
        },
        {
            "id": "CVE-2021-3905-bc45e5fb",
            "signature_type": "Line",
            "target": {
                "file": "lib/ipf.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "113026978509954193576006793526224427224",
                    "336035935748019679433616447587111359138",
                    "188532591581163255405121483877259391893",
                    "49480125028801656152872840088186111378"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
        }
    ]
}