Base Score

HIGH7.5

CVE-2021-3905

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateAug 23, 2022, 16:15

Weakness Type (CWE):CWE-401

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://access.redhat.com/security/cve/CVE-2021-3905
https://bugzilla.redhat.com/show_bug.cgi?id=2019692
https://github.com/openvswitch/ovs-issues/issues/226
https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
https://security.gentoo.org/glsa/202311-16
https://ubuntu.com/security/CVE-2021-3905

Base Score

HIGH7.5

Weakness Type (CWE):CWE-401

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH