How severe is CVE-2017-14970?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2017-14970?

This is classified as CWE-772, which is a common weakness in software security.

CVE-2017-14970 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Related Vulnerabilities

CVE-2017-15671

MEDIUM

CVSS:5.9(Medium)

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user nam...

CWE-7722017

CVE-2017-16672

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip s...

CWE-7722017

CVE-2018-19132

MEDIUM

CVSS:5.9(Medium)

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

CWE-7722018

CVE-2023-22302

MEDIUM

CVSS:5.9(Medium)

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exis...

CWE-7722023

CVE-2023-47124

MEDIUM

CVSS:5.9(Medium)

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to ...

CWE-7722023

CVE-2016-7466

MEDIUM

CVSS:6.0(Medium)

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumpt...

CWE-7722016