A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-3905 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2019692 | Issue Tracking Patch Third Party Advisory |
https://github.com/openvswitch/ovs-issues/issues/226 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 | Patch Third Party Advisory |
https://security.gentoo.org/glsa/202311-16 | |
https://ubuntu.com/security/CVE-2021-3905 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
26 Nov 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Aug 2022, 02:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-3905 - Third Party Advisory | |
References | (MISC) https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 - Patch, Third Party Advisory | |
References | (MISC) https://ubuntu.com/security/CVE-2021-3905 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/openvswitch/ovs-issues/issues/226 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2019692 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:* |
23 Aug 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-23 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2021-3905
Mitre link : CVE-2021-3905
CVE.ORG link : CVE-2021-3905
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- enterprise_linux_fast_datapath
openvswitch
- openvswitch
canonical
- ubuntu_linux
CWE
CWE-401
Missing Release of Memory after Effective Lifetime