Vulnerability-Lookup

CVE-2020-27827 (GCVE-0-2020-27827)

Vulnerability from cvelistv5 – Published: 2021-03-18 00:00 – Updated: 2025-12-03 18:20

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400

Assigner

redhat

References

8 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1921438
https://mail.openvswitch.org/pipermail/ovs-dev/20…
https://cert-portal.siemens.com/productcert/pdf/s…
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202311-16	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
n/a	lldp/openvswitch	Affected: lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
          },
          {
            "name": "FEDORA-2023-88991d2713",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
          },
          {
            "name": "FEDORA-2023-c0c184a019",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
          },
          {
            "name": "FEDORA-2023-3e4feeadec",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
          },
          {
            "name": "GLSA-202311-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-16"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-27827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T13:38:48.935265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T18:20:03.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lldp/openvswitch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-26T11:06:15.202Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
        },
        {
          "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
        },
        {
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
        },
        {
          "name": "FEDORA-2023-88991d2713",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
        },
        {
          "name": "FEDORA-2023-c0c184a019",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
        },
        {
          "name": "FEDORA-2023-3e4feeadec",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
        },
        {
          "name": "GLSA-202311-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-27827",
    "datePublished": "2021-03-18T00:00:00.000Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2025-12-03T18:20:03.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-27827",
      "date": "2026-05-30",
      "epss": "0.00504",
      "percentile": "0.66483"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-27827\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-18T17:15:13.510\",\"lastModified\":\"2025-12-03T19:15:51.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en m\u00faltiples versiones de OpenvSwitch.\u0026#xa0;Los paquetes LLDP especialmente dise\u00f1ados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales espec\u00edficos, potencialmente causando una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.8\",\"matchCriteriaId\":\"60E35B97-6AAD-4F2D-88E7-D1B235D36E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.9\",\"matchCriteriaId\":\"D7946D64-A914-4DC4-8AFA-E5A4C9415B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.12\",\"matchCriteriaId\":\"FCBC3BDE-1CFE-4275-8F33-BC7D0ECD88BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.10\",\"matchCriteriaId\":\"F553884B-6DC9-4DBD-ADD6-B24B8A9FDFBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.8\",\"matchCriteriaId\":\"4A42E11A-8575-40B1-8343-840783E17FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.6\",\"matchCriteriaId\":\"92DE8269-BD35-46B7-B4D0-5C0B5C3B2BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.11.0\",\"versionEndExcluding\":\"2.11.5\",\"matchCriteriaId\":\"6AA97E08-3F7E-46CE-B03D-FD06307137A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.2\",\"matchCriteriaId\":\"F74931FC-4B61-4EAD-90CD-D095A9BC76B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.2\",\"matchCriteriaId\":\"6AACFC3E-4242-4E9E-9AC2-B2E1C700DF0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.0\",\"versionEndExcluding\":\"2.14.1\",\"matchCriteriaId\":\"E22360F8-FD09-4CED-8E62-46916AB17A12\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17\",\"matchCriteriaId\":\"CAB60054-8FD0-45A4-B7DC-FFF061764B80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2921C017-7617-4789-9690-C81EAC4F469D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"238D992C-6158-4E31-AE0A-7A9C54B51963\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65278BA0-3C81-4D81-9801-D7BE3A1D7680\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2009C1FA-96D5-413C-9161-0DB55F841088\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"350FD323-C876-4C7A-A2E7-4B0660C87F6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56E0C04-AEC3-45C8-93E7-FCA3B7F370F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0602DEEA-AE39-4A44-9D78-6623943DDCD6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7747CD-757E-4B36-8F23-7588183948A7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1EE2F10-A7A6-486F-AE5C-53AE25BAF200\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5A494F-2EAB-4647-9A45-5CB0C382E099\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56C2BDC-928E-491A-8E7C-F976B3787C7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C894B9-C62A-4689-9DA4-D9A3795B8CE5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783B50B8-2FB7-4982-88AA-B4F2AD094796\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A46FF27-6B0D-4606-9D7B-45912556416F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1256EB4B-DD8A-4F99-AE69-F74E8F789C63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2\",\"matchCriteriaId\":\"D5B1898E-CB50-429B-9609-DC27C33C5C37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1D94BEB-BBFB-4258-9835-87DBBB999239\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.1\",\"matchCriteriaId\":\"296D097F-C7D2-4D12-8621-E0D1CAE64FA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE30FFDF-5494-400D-8F88-954A6B1503B9\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1921438\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-16\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1921438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1921438\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/\", \"name\": \"FEDORA-2023-88991d2713\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/\", \"name\": \"FEDORA-2023-c0c184a019\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/\", \"name\": \"FEDORA-2023-3e4feeadec\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-16\", \"name\": \"GLSA-202311-16\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T16:25:43.547Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-27827\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-04T13:38:48.935265Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-04T13:38:59.599Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"lldp/openvswitch\", \"versions\": [{\"status\": \"affected\", \"version\": \"lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1921438\"}, {\"url\": \"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf\"}, {\"url\": \"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/\", \"name\": \"FEDORA-2023-88991d2713\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/\", \"name\": \"FEDORA-2023-c0c184a019\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/\", \"name\": \"FEDORA-2023-3e4feeadec\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-16\", \"name\": \"GLSA-202311-16\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-11-26T11:06:15.202Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-27827\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T18:20:03.875Z\", \"dateReserved\": \"2020-10-27T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2021-03-18T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

VAR-202103-0218

Vulnerability from variot - Updated: 2026-04-10 22:01

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.4 security update Advisory ID: RHSA-2021:0957-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0957 Issue date: 2021-03-30 CVE Names: CVE-2020-27827 CVE-2020-35498 CVE-2021-3114 =====================================================================

Summary:

Red Hat OpenShift Container Platform release 4.7.4 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.4. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:0958

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

This update fixes the following bugs among others:

A flaw was found in golang: crypto/elliptic, in which P-224 keys as generated could return incorrect inputs, which reduced the strength of the cryptography. (BZ#1918750)
This update adds new capabilities to the Baremetal Operator, allowing for different reboot modes to be utilized. This allows workloads to be relocated as quickly as possible in the event of a node failure. Additionally, it provides a path for clients to quickly power down systems for remediation purposes and to recover workloads. As a result, workload recovery time is significantly reduced. (BZ#1936407)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64

The image digest is sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-s390x

The image digest is sha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le

The image digest is sha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9

Security Fix(es):

golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

Bugs fixed (https://bugzilla.redhat.com/):

1910352 - When creating a worker with a used mac-address stuck on registering 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1922417 - Issue configuring nodes with VLAN and teaming 1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp 1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1929371 - 4.7 CNO claims to be done upgrading before it even starts 1929721 - Enable host-based disk encryption on Azure platform 1930106 - Cannot IPI with tang/tpm disk encryption 1930152 - Web console crashes during VM creation from template when no storage classes are defined 1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1931863 - NetworkManager overlay FS not being created on None platform 1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint 1934645 - [4.7z] Need BFD failover capability on ECMP routes 1935636 - High RAM usage on machine api termination node system oom 1936707 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936803 - Support ServiceBinding 0.5.0+ 1936861 - (release-4.7] Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1937313 - Topology view - vm details screen isntt stop loading 1937469 - Pod/node/ip/template isn't showing when vm is running 1937695 - ironic image "/" cluttered with files 1937829 - ovn-kube must handle single-stack to dual-stack migration 1937998 - [4.7] wrong community catalog image reference 1938405 - catalog operator causing CPU spikes and bad etcd performance 1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1939477 - CI tests using openshift/hello-world broken by Ruby Version Update 1940283 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1941297 - OCP-Metal images

References:

https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/cve/CVE-2020-35498 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYGKzb9zjgjWX9erEAQj7Iw/+PfX6ucF71yzOz1uCYviLerogcA+o1gFQ v5N+fASsbYGvIR1G5NW/SZ/4mW/UadNDHPSafGyp0F2eHt05tXbrEWQevf4HerTT teAJItQyPRML13mzC+5CSi6IfLzuyYAHVQQP6nxv/5z0xrI8SjiQaXIGHWmlweVy mCGVAiRhsJkONh5tz3cIrH9IrDpvgMuJXgfZum2d9fPMOS9VMcjjDh3peDqolu3A RMKIgEb6PSHFSaco/gbWnTvOTAKuEI8bLLWmR9fa9+Svj7fxtWV6FXwzxkrOHDp4 l6pS+Sre9Azhoffq9WxF6IGQf0qlHkA1RkKgrlLvZcRY3xFpjOiN5enoy/6w2j5M d28j7WXTIVDHqXWK26HLLpqNTJd46zfjL54Kh8CzuwrfvGp3hdjx81sbY1gp0RXo KjAUbeAOwMoUKl9FqBOKYG+AiHOUuZcXAxlz1sYdEd3QrA5ApY8rQhRakLLjPrVP 7N8BchpHQ7SLcxHPpvMOjfQrDGhjEG7L3VisZmIqH1MYlqvrwCS+g7SYyamFW4V7 JuHOn3pMNdgSV3F5Xy2sxHYo1fZ9gmU42G+aOw3FCq/nUOOWfURgtXAGWlTWMmJE wO2zi4JHAcvnkT5yDVtIX8JAfxY8ZBZTr/mCKPOomEh6a386AQvf6N9shFKy2lhL xTyfIBuAwy8= =GeCF -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

Bugs fixed (https://bugzilla.redhat.com/):

1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak 1924062 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #4 1932859 - Rebase RHV-H 4.3.14 on FDP 2.11 (21B) 1940841 - Include updated gluster-ansible-features in RHV-H 4.3

Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source: redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm

noarch: redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm

RHEL 7-based RHEV-H for RHEV 4 (build requirements):

Source: redhat-release-virtualization-host-4.3.14-2.el7ev.src.rpm redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm

noarch: redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.14-2.el7ev.noarch.rpm

x86_64: redhat-release-virtualization-host-4.3.14-2.el7ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Description:

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

Description:

LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "lldpd",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lldpd",
        "version": "1.0.8"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.6.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.10.6"
      },
      {
        "_id": null,
        "model": "simatic net cp 1243-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "simatic net cp 1543sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.9.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.11.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.12.0"
      },
      {
        "_id": null,
        "model": "simatic net cp 1542sp-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic net cp 1543-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic net cp 1545-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "sinumerik one",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.1"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.13.2"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.6.9"
      },
      {
        "_id": null,
        "model": "simatic net cp 1542sp-1 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.9.8"
      },
      {
        "_id": null,
        "model": "openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "10"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.14.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.12.2"
      },
      {
        "_id": null,
        "model": "openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "13"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.10.0"
      },
      {
        "_id": null,
        "model": "tim 1531 irc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "openshift container platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.8.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.11.5"
      },
      {
        "_id": null,
        "model": "simatic hmi unified comfort panels",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "17"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.13.0"
      },
      {
        "_id": null,
        "model": "simatic net cp 1243-8 irc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.14.1"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.7.0"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.7.12"
      },
      {
        "_id": null,
        "model": "openvswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.8.10"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162733"
      },
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "162017"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162043"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "PACKETSTORM",
        "id": "182596"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-27827",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-27827",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-371938",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-27827",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-27827",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2020-27827",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1127",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-371938",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.4 security update\nAdvisory ID:       RHSA-2021:0957-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0957\nIssue date:        2021-03-30\nCVE Names:         CVE-2020-27827 CVE-2020-35498 CVE-2021-3114 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.4 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.4. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:0958\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bugs among others:\n\n* A flaw was found in golang: crypto/elliptic, in which P-224 keys as\ngenerated could return incorrect inputs, which reduced the strength of the\ncryptography. (BZ#1918750)\n\n* This update adds new capabilities to the Baremetal Operator, allowing for\ndifferent reboot modes to be utilized. This allows workloads to be\nrelocated as quickly as possible in the event of a node failure. \nAdditionally, it provides a path for clients to quickly power down systems\nfor remediation purposes and to recover workloads. As a result, workload\nrecovery time is significantly reduced. (BZ#1936407)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-x86_64\n\nThe image digest is\nsha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-s390x\n\nThe image digest is\nsha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le\n\nThe image digest is\nsha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve\n(CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1910352 - When creating a worker with a used mac-address stuck on registering\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1922417 - Issue configuring nodes with VLAN and teaming\n1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp\n1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes\n1929371 - 4.7 CNO claims to be done upgrading before it even starts\n1929721 - Enable host-based disk encryption on Azure platform\n1930106 - Cannot IPI with tang/tpm disk encryption\n1930152 - Web console crashes during VM creation from template when no storage classes are defined\n1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel]\n1931863 - NetworkManager overlay FS not being created on None platform\n1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0\n1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint\n1934645 - [4.7z] Need BFD failover capability on ECMP routes\n1935636 - High RAM usage on machine api termination node system oom\n1936707 - New CSV using ServiceAccount named \"default\" stuck in Pending during upgrade\n1936803 - Support ServiceBinding 0.5.0+\n1936861 - (release-4.7] Configmap gatherer doesn\u0027t include namespace name (in the archive path) in case of a configmap with binary data\n1937313 - Topology view - vm details screen isntt stop loading\n1937469 - Pod/node/ip/template isn\u0027t showing when vm is running\n1937695 - ironic image \"/\" cluttered with files\n1937829 - ovn-kube must handle single-stack to dual-stack migration\n1937998 - [4.7] wrong community catalog image reference\n1938405 - catalog operator causing CPU spikes and bad etcd performance\n1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests\n1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated\n1939477 - CI tests using openshift/hello-world broken by Ruby Version Update\n1940283 - [VPA] Updater failed to trigger evictions due to \"vpa-admission-controller\" not found\n1941297 - OCP-Metal images\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-27827\nhttps://access.redhat.com/security/cve/CVE-2020-35498\nhttps://access.redhat.com/security/cve/CVE-2021-3114\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYGKzb9zjgjWX9erEAQj7Iw/+PfX6ucF71yzOz1uCYviLerogcA+o1gFQ\nv5N+fASsbYGvIR1G5NW/SZ/4mW/UadNDHPSafGyp0F2eHt05tXbrEWQevf4HerTT\nteAJItQyPRML13mzC+5CSi6IfLzuyYAHVQQP6nxv/5z0xrI8SjiQaXIGHWmlweVy\nmCGVAiRhsJkONh5tz3cIrH9IrDpvgMuJXgfZum2d9fPMOS9VMcjjDh3peDqolu3A\nRMKIgEb6PSHFSaco/gbWnTvOTAKuEI8bLLWmR9fa9+Svj7fxtWV6FXwzxkrOHDp4\nl6pS+Sre9Azhoffq9WxF6IGQf0qlHkA1RkKgrlLvZcRY3xFpjOiN5enoy/6w2j5M\nd28j7WXTIVDHqXWK26HLLpqNTJd46zfjL54Kh8CzuwrfvGp3hdjx81sbY1gp0RXo\nKjAUbeAOwMoUKl9FqBOKYG+AiHOUuZcXAxlz1sYdEd3QrA5ApY8rQhRakLLjPrVP\n7N8BchpHQ7SLcxHPpvMOjfQrDGhjEG7L3VisZmIqH1MYlqvrwCS+g7SYyamFW4V7\nJuHOn3pMNdgSV3F5Xy2sxHYo1fZ9gmU42G+aOw3FCq/nUOOWfURgtXAGWlTWMmJE\nwO2zi4JHAcvnkT5yDVtIX8JAfxY8ZBZTr/mCKPOomEh6a386AQvf6N9shFKy2lhL\nxTyfIBuAwy8=\n=GeCF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nRHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 7 - noarch\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. \nThese packages include redhat-release-virtualization-host. Red Hat\nVirtualization Hosts (RHVH) are installed using a special build of Red Hat\nEnterprise Linux with only the packages required to host virtual machines. \nRHVH\nfeatures a Cockpit user interface for monitoring the host\u0027s resources and\nperforming administrative tasks. \n\nSecurity Fix(es):\n\n* lldp/openvswitch: denial of service via externally triggered memory leak\n(CVE-2020-27827)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak\n1924062 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #4\n1932859 - Rebase RHV-H 4.3.14 on FDP 2.11 (21B)\n1940841 - Include updated gluster-ansible-features in RHV-H 4.3\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 7:\n\nSource:\nredhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm\n\nRHEL 7-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nredhat-release-virtualization-host-4.3.14-2.el7ev.src.rpm\nredhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm\nredhat-virtualization-host-image-update-placeholder-4.3.14-2.el7ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.3.14-2.el7ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nThe following advisory data is extracted from:\n\nhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n\n\n\nDescription:\n\nLLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      },
      {
        "db": "PACKETSTORM",
        "id": "162733"
      },
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "162017"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162043"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "PACKETSTORM",
        "id": "182596"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27827",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-941426",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-194-07",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162733",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161781",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163180",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162017",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162043",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161391",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161951",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0274",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0907",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2134",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0999",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0520",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2155",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0169",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1109",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0639",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1086",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2402",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0358",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1780",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052513",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062138",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162044",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161789",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161785",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-371938",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "182596",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      },
      {
        "db": "PACKETSTORM",
        "id": "162733"
      },
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "162017"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162043"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "PACKETSTORM",
        "id": "182596"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      }
    ]
  },
  "id": "VAR-202103-0218",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      }
    ],
    "trust": 0.7875
  },
  "last_update_date": "2026-04-10T22:01:06.779000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Canonical Ubuntu lldp Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=139475"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-january/379471.html"
      },
      {
        "trust": 1.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27827"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202311-16"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-27827"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-35498"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35498"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162733/red-hat-security-advisory-2021-2077-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0639"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161391/red-hat-security-advisory-2021-0497-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0907"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052513"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0169/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0358/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2402"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162017/red-hat-security-advisory-2021-0957-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161781/red-hat-security-advisory-2021-0834-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0999"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1109"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2134"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2155"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1780"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0274/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161951/red-hat-security-advisory-2021-0976-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1086"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/lldp-memory-leak-34341"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0520"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062138"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162043/red-hat-security-advisory-2021-1051-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163180/red-hat-security-advisory-2021-2456-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2077"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0958"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0957"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1051"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0834"
      },
      {
        "trust": 0.1,
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-25990"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-5787"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-22127"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237411"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:9158"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-371938"
      },
      {
        "db": "PACKETSTORM",
        "id": "162733"
      },
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "162017"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162043"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "PACKETSTORM",
        "id": "182596"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-371938",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162733",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163180",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162017",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161789",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162043",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "162044",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161781",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "182596",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27827",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-371938",
        "ident": null
      },
      {
        "date": "2021-05-20T22:17:24",
        "db": "PACKETSTORM",
        "id": "162733",
        "ident": null
      },
      {
        "date": "2021-06-17T17:37:26",
        "db": "PACKETSTORM",
        "id": "163180",
        "ident": null
      },
      {
        "date": "2021-03-30T14:19:26",
        "db": "PACKETSTORM",
        "id": "162017",
        "ident": null
      },
      {
        "date": "2021-03-15T20:30:52",
        "db": "PACKETSTORM",
        "id": "161789",
        "ident": null
      },
      {
        "date": "2021-03-31T14:36:16",
        "db": "PACKETSTORM",
        "id": "162043",
        "ident": null
      },
      {
        "date": "2021-03-31T14:36:24",
        "db": "PACKETSTORM",
        "id": "162044",
        "ident": null
      },
      {
        "date": "2021-03-15T17:26:06",
        "db": "PACKETSTORM",
        "id": "161781",
        "ident": null
      },
      {
        "date": "2024-11-13T15:37:22",
        "db": "PACKETSTORM",
        "id": "182596",
        "ident": null
      },
      {
        "date": "2021-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1127",
        "ident": null
      },
      {
        "date": "2021-03-18T17:15:13.510000",
        "db": "NVD",
        "id": "CVE-2020-27827",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-371938",
        "ident": null
      },
      {
        "date": "2023-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1127",
        "ident": null
      },
      {
        "date": "2025-12-03T19:15:51.763000",
        "db": "NVD",
        "id": "CVE-2020-27827",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162733"
      },
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "_id": null,
    "data": "lldpd Resource Management Error Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1127"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "memory leak",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163180"
      },
      {
        "db": "PACKETSTORM",
        "id": "161789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162043"
      },
      {
        "db": "PACKETSTORM",
        "id": "162044"
      },
      {
        "db": "PACKETSTORM",
        "id": "161781"
      },
      {
        "db": "PACKETSTORM",
        "id": "182596"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2023-0916

Vulnerability from csaf_certbund - Published: 2021-02-11 23:00 - Updated: 2024-11-11 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. SUSE Linux ist eine Linux-Distribution bzw. Open Source Plattform.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und SUSE Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2020-27827

Es existiert eine Schwachstelle in Red Hat Enterprise Linux, welche darauf basiert, dass bei es beim Empfang von speziell angefertigten "LLDP"-Paketen zu Datenverlust kommen kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.

Affected products

Known affected 3 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2020-35498

Es existiert eine Schwachstelle in Red Hat Enterprise Linux und SUSE Linux, welche in der Komponente "openvswitch" besteht. Die Schwachstelle ist auf Fehler bei der Implementierung eines Paket-Parses im Userspace zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand auszuführen.

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

25 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2021:0976	external
https://access.redhat.com/errata/RHSA-2021:0958	external
https://access.redhat.com/errata/RHSA-2021:1051	external
https://access.redhat.com/errata/RHSA-2021:1050	external
https://access.redhat.com/errata/RHSA-2021:2077	external
https://access.redhat.com/errata/RHSA-2021:0497	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.debian.org/security/2021/dsa-4852	external
https://lists.debian.org/debian-lts-announce/2021…	external
https://access.redhat.com/errata/RHSA-2021:0837	external
https://access.redhat.com/errata/RHSA-2021:0834	external
https://access.redhat.com/errata/RHSA-2021:0835	external
https://access.redhat.com/errata/RHSA-2021:2456	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://access.redhat.com/errata/RHSA-2024:9158	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nSUSE Linux ist eine Linux-Distribution bzw. Open Source Plattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und SUSE Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0916 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0916.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0916 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0916"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0976 vom 2021-03-23",
        "url": "https://access.redhat.com/errata/RHSA-2021:0976"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0958 vom 2021-03-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:0958"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1051 vom 2021-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:1051"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1050 vom 2021-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:1050"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2077 vom 2021-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2077"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Adivisory: RHSA-2021:0497 vom 2021-02-11",
        "url": "https://access.redhat.com/errata/RHSA-2021:0497"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory: 0439-1 vom 2021-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008313.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory: 0440-1 vom 2021-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008314.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory: 0436-1 vom 2021-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008315.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0446-1 vom 2021-02-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0451-1 vom 2021-02-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008322.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0479-1 vom 2021-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008326.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4852 vom 2021-02-16",
        "url": "https://www.debian.org/security/2021/dsa-4852"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2571 vom 2021-02-19",
        "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0837 vom 2021-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2021:0837"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0834 vom 2021-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2021:0834"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0835 vom 2021-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2021:0835"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2456 vom 2021-06-16",
        "url": "https://access.redhat.com/errata/RHSA-2021:2456"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-88991D2713 vom 2023-04-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-88991d2713"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-C0C184A019 vom 2023-04-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c0c184a019"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-3E4FEEADEC vom 2023-04-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3e4feeadec"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3389 vom 2023-04-12",
        "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00015.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9158 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9158"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-11-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-12T11:13:57.807+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2023-0916",
      "initial_release_date": "2021-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-02-15T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-02-16T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-02-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-03-15T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-03-23T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-03-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-03-31T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-05-20T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-06-15T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "14"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-27827",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux, welche darauf basiert, dass bei es beim Empfang von speziell angefertigten \"LLDP\"-Paketen zu Datenverlust kommen kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "74185"
        ]
      },
      "release_date": "2021-02-11T23:00:00.000+00:00",
      "title": "CVE-2020-27827"
    },
    {
      "cve": "CVE-2020-35498",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux und SUSE Linux, welche in der Komponente \"openvswitch\" besteht. Die Schwachstelle ist auf Fehler bei der Implementierung eines Paket-Parses im Userspace zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "74185"
        ]
      },
      "release_date": "2021-02-11T23:00:00.000+00:00",
      "title": "CVE-2020-35498"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-27827 (GCVE-0-2020-27827)

VAR-202103-0218

WID-SEC-W-2023-0916

Tags

Sightings

Nomenclature