CVE-2021-3905

HIGH

Openvswitch < 2.17.0 - Memory Leak

Title source: rule

Description

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

References (6)

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2021-3905

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2019692

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/openvswitch/ovs-issues/issues/226

[Patch, Third Party Advisory] https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349

View Patch ZIP pw:eip

[Third Party Advisory] https://security.gentoo.org/glsa/202311-16

[Patch, Third Party Advisory] https://ubuntu.com/security/CVE-2021-3905

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (5)

openvswitch/openvswitch < 2.17.0

redhat/enterprise_linux_fast_datapath

canonical/ubuntu_linux

fedoraproject/fedora

Timeline

Published Aug 23, 2022

Tracked Since Feb 18, 2026