CVE-2021-3905

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3905
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3905.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3905
Downstream
Published
2022-08-23T16:15:10.177Z
Modified
2026-03-15T22:41:44.017945Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

References

Affected packages

Git / github.com/openvswitch/ovs

Affected ranges

Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
db7c86e5d03cd9018739e5fa47cc6be0bad246a0
Fixed
803ed12e31b0377c37d7aa8c94b3b92f2081e349
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.17.0"
        }
    ]
}

Affected versions

v0.*
v0.90.0
v0.90.1
v0.90.2
v0.90.3
v0.90.4
v0.90.6
v0.90.7
v0.99.0
v0.99.1
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "target": {
            "function": "ipf_extract_frags_from_batch",
            "file": "lib/ipf.c"
        },
        "id": "CVE-2021-3905-2f55292c",
        "digest": {
            "function_hash": "59206550191124162597306143656796702807",
            "length": 620.0
        },
        "source": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "lib/ipf.c"
        },
        "id": "CVE-2021-3905-bc45e5fb",
        "digest": {
            "line_hashes": [
                "113026978509954193576006793526224427224",
                "336035935748019679433616447587111359138",
                "188532591581163255405121483877259391893",
                "49480125028801656152872840088186111378"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3905.json"