CVE-2021-3905

{"id": "CVE-2021-3905", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-23T16:15:10.177", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-3905", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openvswitch/ovs-issues/issues/226", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202311-16", "source": "secalert@redhat.com"}, {"url": "https://ubuntu.com/security/CVE-2021-3905", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."}, {"lang": "es", "value": "Se ha encontrado una p\u00e9rdida de memoria en Open vSwitch (OVS) durante el procesamiento de la fragmentaci\u00f3n IP en el espacio de usuario. Un atacante podr\u00eda usar este fallo para agotar potencialmente la memoria disponible al seguir enviando fragmentos de paquetes."}], "lastModified": "2023-11-26T11:15:08.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59369EE4-B970-4222-AA4E-276928B1016B", "versionEndExcluding": "2.17.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B"}, {"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}