CVE-2017-4920

MEDIUM Year: 2017
CVSS v3 Score
5.9
Medium
CVSS v2 Score
7.1
High
Weakness Type
CWE-400
View all →

Vulnerability Description

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.

Related Vulnerabilities

CVE-2013-7470

MEDIUM
CVSS:5.9(Medium)

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstra...

CWE-4002013

CVE-2016-10544

MEDIUM
CVSS:5.9(Medium)

uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to...

CWE-4002016

CVE-2016-6307

MEDIUM
CVSS:5.9(Medium)

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consum...

CWE-4002016

CVE-2017-15130

MEDIUM
CVSS:5.9(Medium)

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the...

CWE-4002017

CVE-2017-16025

MEDIUM
CVSS:5.9(Medium)

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only prese...

CWE-4002017

CVE-2017-3140

MEDIUM
CVSS:5.9(Medium)

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5...

CWE-4002017