In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
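
The wrap-around described above, as an added C example (not Open vSwitch's code): a declared record length smaller than the header it should include is subtracted as an unsigned value, shown beside a checked form. The 8-byte header layout, `REC_HDR_LEN` and the function names are assumptions made for illustration, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 8-byte record header; not the OvS struct layout. */
#define REC_HDR_LEN 8u

/* Constructed samples: bytes 4-5 hold the big-endian record length. */
static const uint8_t sample_ok[16]   = {0, 0, 0, 1, 0, 16, 0, 0};
static const uint8_t sample_short[8] = {0, 0, 0, 1, 0, 4, 0, 0};

static uint16_t rec_len(const uint8_t *rec)
{
    return (uint16_t)((rec[4] << 8) | rec[5]);
}

/* Unchecked: a declared length below REC_HDR_LEN wraps to a huge size_t,
 * which a later bounded read would treat as the payload size. */
static size_t payload_len_unchecked(const uint8_t *rec)
{
    return (size_t)rec_len(rec) - REC_HDR_LEN;
}

/* Checked: validate the declared length against both the header size and
 * the bytes actually available before subtracting. Returns 0 or -1. */
static int payload_len_checked(const uint8_t *rec, size_t avail, size_t *out)
{
    if (avail < REC_HDR_LEN)
        return -1;                      /* header itself is truncated */
    uint16_t len = rec_len(rec);
    if (len < REC_HDR_LEN || len > avail)
        return -1;                      /* would underflow or over-read */
    *out = (size_t)len - REC_HDR_LEN;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked(short) = %zu\n", payload_len_unchecked(sample_short));
    printf("checked(short)   = %d\n",
           payload_len_checked(sample_short, sizeof sample_short, &n));
    if (payload_len_checked(sample_ok, sizeof sample_ok, &n) == 0)
        printf("checked(ok)      = %zu payload bytes\n", n);
    return 0;
}
```
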
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openvswitch | Openvswitch | 2.7.0 (including) | 2.7.0 (including) |
Fast Datapath for Red Hat Enterprise Linux 7 | RedHat | openvswitch-0:2.7.2-1.git20170719.el7fdp | * |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | openvswitch-0:2.4.1-2.git20160727.el7ost | * |
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | RedHat | openvswitch-0:2.5.0-15.git20160727.el7ost | * |
Red Hat OpenStack Platform 10.0 (Newton) | RedHat | openvswitch-0:2.6.1-13.git20161206.el7ost | * |
Red Hat OpenStack Platform 11.0 (Ocata) | RedHat | openvswitch-0:2.6.1-13.git20161206.el7ost | * |
Red Hat OpenStack Platform 8.0 (Liberty) | RedHat | openvswitch-0:2.5.0-15.git20160727.el7ost | * |
Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | openvswitch-0:2.5.0-15.git20160727.el7ost | * |
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | RedHat | openvswitch-0:2.7.2-1.git20170719.el7fdp | * |
Openvswitch | Ubuntu | xenial | * |
Openvswitch | Ubuntu | yakkety | * |
Openvswitch | Ubuntu | zesty | * |