CVE-2020-35498

HIGH

openvswitch 2.5.0-2.5.11 - Denial of Service via Crafted Packet Megaflow Width

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35498. PoCs published by freddierice.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2020-35498, which involves crafting and sending malformed ICMP packets with excessive padding to trigger a vulnerability. The PoC includes both a trigger (Go-based) and a capture tool (C-based with BPF filtering) to detect the exploit attempt.

Description

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Exploits (1)

nomisec WORKING POC

by freddierice · poc

https://github.com/freddierice/cve-2020-35498-flag

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2020-35498, which involves crafting and sending malformed ICMP packets with excessive padding to trigger a vulnerability. The PoC includes both a trigger (Go-based) and a capture tool (C-based with BPF filtering) to detect the exploit attempt.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (specific version not specified)

No auth needed

Prerequisites: Network access to target · Ability to send raw packets

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory vendor-advisory

https://www.debian.org/security/2021/dsa-4852

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202311-16

Issue Tracking, Patch, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1908845

Mailing List, Patch, Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/02/10/4

Scores

CVSS v3 7.5

EPSS 0.0576

EPSS Percentile 90.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (4)

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 33

openvswitch/openvswitch 2.5.0 - 2.5.12

Published Feb 11, 2021

Tracked Since Feb 18, 2026