CVE-2017-14970 : What You Need to Know

Open vSwitch (OvS) versions earlier than 2.8.1 are affected by multiple memory leaks in the "lib/ofp-util.c" file when parsing incorrectly formatted OpenFlow group mod messages.

Understanding CVE-2017-14970

What is CVE-2017-14970?

This CVE identifies multiple memory leaks in Open vSwitch (OvS) versions prior to 2.8.1 that occur during the parsing of malformed OpenFlow group mod messages.

The Impact of CVE-2017-14970

The significance of this report is challenged by the vendor, stating that the vulnerability can only be activated by an OpenFlow controller, which has more efficient methods to compel Open vSwitch to allocate memory.

Technical Details of CVE-2017-14970

Vulnerability Description

The vulnerability involves memory leaks in the "lib/ofp-util.c" file of Open vSwitch (OvS) versions earlier than 2.8.1 when processing incorrectly formatted OpenFlow group mod messages.

Affected Systems and Versions

Product: Not applicable
Vendor: Not applicable
Versions affected: All versions earlier than 2.8.1

Exploitation Mechanism

The memory leaks are triggered when parsing OpenFlow group mod messages that are incorrectly formatted. The vendor disputes the relevance of this report, emphasizing that it requires activation by an OpenFlow controller.

Mitigation and Prevention

Immediate Steps to Take

Upgrade to Open vSwitch version 2.8.1 or later to mitigate the memory leaks.
Ensure OpenFlow controllers are securely configured to prevent unauthorized activation of the vulnerability.

Long-Term Security Practices

Regularly monitor and update Open vSwitch and associated components to address potential vulnerabilities.
Implement network segmentation and access controls to limit the impact of any successful exploitation.

Patching and Updates

Apply patches and updates provided by Open vSwitch to address the memory leak vulnerability.