VAR-202103-0218
Vulnerability from variot - Updated: 2026-04-10 22:01A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.4 security update Advisory ID: RHSA-2021:0957-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0957 Issue date: 2021-03-30 CVE Names: CVE-2020-27827 CVE-2020-35498 CVE-2021-3114 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.7.4 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.4. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:0958
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bugs among others:
-
A flaw was found in golang: crypto/elliptic, in which P-224 keys as generated could return incorrect inputs, which reduced the strength of the cryptography. (BZ#1918750)
-
This update adds new capabilities to the Baremetal Operator, allowing for different reboot modes to be utilized. This allows workloads to be relocated as quickly as possible in the event of a node failure. Additionally, it provides a path for clients to quickly power down systems for remediation purposes and to recover workloads. As a result, workload recovery time is significantly reduced. (BZ#1936407)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64
The image digest is sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-s390x
The image digest is sha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le
The image digest is sha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9
Security Fix(es):
- golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1910352 - When creating a worker with a used mac-address stuck on registering 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1922417 - Issue configuring nodes with VLAN and teaming 1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp 1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1929371 - 4.7 CNO claims to be done upgrading before it even starts 1929721 - Enable host-based disk encryption on Azure platform 1930106 - Cannot IPI with tang/tpm disk encryption 1930152 - Web console crashes during VM creation from template when no storage classes are defined 1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1931863 - NetworkManager overlay FS not being created on None platform 1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint 1934645 - [4.7z] Need BFD failover capability on ECMP routes 1935636 - High RAM usage on machine api termination node system oom 1936707 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936803 - Support ServiceBinding 0.5.0+ 1936861 - (release-4.7] Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1937313 - Topology view - vm details screen isntt stop loading 1937469 - Pod/node/ip/template isn't showing when vm is running 1937695 - ironic image "/" cluttered with files 1937829 - ovn-kube must handle single-stack to dual-stack migration 1937998 - [4.7] wrong community catalog image reference 1938405 - catalog operator causing CPU spikes and bad etcd performance 1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1939477 - CI tests using openshift/hello-world broken by Ruby Version Update 1940283 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1941297 - OCP-Metal images
- References:
https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/cve/CVE-2020-35498 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYGKzb9zjgjWX9erEAQj7Iw/+PfX6ucF71yzOz1uCYviLerogcA+o1gFQ v5N+fASsbYGvIR1G5NW/SZ/4mW/UadNDHPSafGyp0F2eHt05tXbrEWQevf4HerTT teAJItQyPRML13mzC+5CSi6IfLzuyYAHVQQP6nxv/5z0xrI8SjiQaXIGHWmlweVy mCGVAiRhsJkONh5tz3cIrH9IrDpvgMuJXgfZum2d9fPMOS9VMcjjDh3peDqolu3A RMKIgEb6PSHFSaco/gbWnTvOTAKuEI8bLLWmR9fa9+Svj7fxtWV6FXwzxkrOHDp4 l6pS+Sre9Azhoffq9WxF6IGQf0qlHkA1RkKgrlLvZcRY3xFpjOiN5enoy/6w2j5M d28j7WXTIVDHqXWK26HLLpqNTJd46zfjL54Kh8CzuwrfvGp3hdjx81sbY1gp0RXo KjAUbeAOwMoUKl9FqBOKYG+AiHOUuZcXAxlz1sYdEd3QrA5ApY8rQhRakLLjPrVP 7N8BchpHQ7SLcxHPpvMOjfQrDGhjEG7L3VisZmIqH1MYlqvrwCS+g7SYyamFW4V7 JuHOn3pMNdgSV3F5Xy2sxHYo1fZ9gmU42G+aOw3FCq/nUOOWfURgtXAGWlTWMmJE wO2zi4JHAcvnkT5yDVtIX8JAfxY8ZBZTr/mCKPOomEh6a386AQvf6N9shFKy2lhL xTyfIBuAwy8= =GeCF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch
- Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
- lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak 1924062 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #4 1932859 - Rebase RHV-H 4.3.14 on FDP 2.11 (21B) 1940841 - Include updated gluster-ansible-features in RHV-H 4.3
- Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 7:
Source: redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm
noarch: redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm
RHEL 7-based RHEV-H for RHEV 4 (build requirements):
Source: redhat-release-virtualization-host-4.3.14-2.el7ev.src.rpm redhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm
noarch: redhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.14-2.el7ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.3.14-2.el7ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
The following advisory data is extracted from:
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
Description:
LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "lldpd",
"scope": "lt",
"trust": 1.0,
"vendor": "lldpd",
"version": "1.0.8"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.6"
},
{
"_id": null,
"model": "simatic net cp 1243-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "simatic net cp 1543sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.0"
},
{
"_id": null,
"model": "simatic net cp 1542sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "simatic net cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "simatic net cp 1545-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinumerik one",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.1"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.2"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.9"
},
{
"_id": null,
"model": "simatic net cp 1542sp-1 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.8"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "10"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.2"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "13"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.0"
},
{
"_id": null,
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.5"
},
{
"_id": null,
"model": "simatic hmi unified comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.0"
},
{
"_id": null,
"model": "simatic net cp 1243-8 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.1"
},
{
"_id": null,
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.0"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.12"
},
{
"_id": null,
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.10"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "182596"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 1.4
},
"cve": "CVE-2020-27827",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-27827",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-371938",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27827",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-27827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1127",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-371938",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"description": {
"_id": null,
"data": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.4 security update\nAdvisory ID: RHSA-2021:0957-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0957\nIssue date: 2021-03-30\nCVE Names: CVE-2020-27827 CVE-2020-35498 CVE-2021-3114 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.4 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.4. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:0958\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bugs among others:\n\n* A flaw was found in golang: crypto/elliptic, in which P-224 keys as\ngenerated could return incorrect inputs, which reduced the strength of the\ncryptography. (BZ#1918750)\n\n* This update adds new capabilities to the Baremetal Operator, allowing for\ndifferent reboot modes to be utilized. This allows workloads to be\nrelocated as quickly as possible in the event of a node failure. \nAdditionally, it provides a path for clients to quickly power down systems\nfor remediation purposes and to recover workloads. As a result, workload\nrecovery time is significantly reduced. (BZ#1936407)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-x86_64\n\nThe image digest is\nsha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-s390x\n\nThe image digest is\nsha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le\n\nThe image digest is\nsha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve\n(CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1910352 - When creating a worker with a used mac-address stuck on registering\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1922417 - Issue configuring nodes with VLAN and teaming\n1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp\n1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes\n1929371 - 4.7 CNO claims to be done upgrading before it even starts\n1929721 - Enable host-based disk encryption on Azure platform\n1930106 - Cannot IPI with tang/tpm disk encryption\n1930152 - Web console crashes during VM creation from template when no storage classes are defined\n1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel]\n1931863 - NetworkManager overlay FS not being created on None platform\n1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0\n1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint\n1934645 - [4.7z] Need BFD failover capability on ECMP routes\n1935636 - High RAM usage on machine api termination node system oom\n1936707 - New CSV using ServiceAccount named \"default\" stuck in Pending during upgrade\n1936803 - Support ServiceBinding 0.5.0+\n1936861 - (release-4.7] Configmap gatherer doesn\u0027t include namespace name (in the archive path) in case of a configmap with binary data\n1937313 - Topology view - vm details screen isntt stop loading\n1937469 - Pod/node/ip/template isn\u0027t showing when vm is running\n1937695 - ironic image \"/\" cluttered with files\n1937829 - ovn-kube must handle single-stack to dual-stack migration\n1937998 - [4.7] wrong community catalog image reference\n1938405 - catalog operator causing CPU spikes and bad etcd performance\n1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests\n1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated\n1939477 - CI tests using openshift/hello-world broken by Ruby Version Update\n1940283 - [VPA] Updater failed to trigger evictions due to \"vpa-admission-controller\" not found\n1941297 - OCP-Metal images\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-27827\nhttps://access.redhat.com/security/cve/CVE-2020-35498\nhttps://access.redhat.com/security/cve/CVE-2021-3114\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYGKzb9zjgjWX9erEAQj7Iw/+PfX6ucF71yzOz1uCYviLerogcA+o1gFQ\nv5N+fASsbYGvIR1G5NW/SZ/4mW/UadNDHPSafGyp0F2eHt05tXbrEWQevf4HerTT\nteAJItQyPRML13mzC+5CSi6IfLzuyYAHVQQP6nxv/5z0xrI8SjiQaXIGHWmlweVy\nmCGVAiRhsJkONh5tz3cIrH9IrDpvgMuJXgfZum2d9fPMOS9VMcjjDh3peDqolu3A\nRMKIgEb6PSHFSaco/gbWnTvOTAKuEI8bLLWmR9fa9+Svj7fxtWV6FXwzxkrOHDp4\nl6pS+Sre9Azhoffq9WxF6IGQf0qlHkA1RkKgrlLvZcRY3xFpjOiN5enoy/6w2j5M\nd28j7WXTIVDHqXWK26HLLpqNTJd46zfjL54Kh8CzuwrfvGp3hdjx81sbY1gp0RXo\nKjAUbeAOwMoUKl9FqBOKYG+AiHOUuZcXAxlz1sYdEd3QrA5ApY8rQhRakLLjPrVP\n7N8BchpHQ7SLcxHPpvMOjfQrDGhjEG7L3VisZmIqH1MYlqvrwCS+g7SYyamFW4V7\nJuHOn3pMNdgSV3F5Xy2sxHYo1fZ9gmU42G+aOw3FCq/nUOOWfURgtXAGWlTWMmJE\nwO2zi4JHAcvnkT5yDVtIX8JAfxY8ZBZTr/mCKPOomEh6a386AQvf6N9shFKy2lhL\nxTyfIBuAwy8=\n=GeCF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nRHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 7 - noarch\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. \nThese packages include redhat-release-virtualization-host. Red Hat\nVirtualization Hosts (RHVH) are installed using a special build of Red Hat\nEnterprise Linux with only the packages required to host virtual machines. \nRHVH\nfeatures a Cockpit user interface for monitoring the host\u0027s resources and\nperforming administrative tasks. \n\nSecurity Fix(es):\n\n* lldp/openvswitch: denial of service via externally triggered memory leak\n(CVE-2020-27827)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak\n1924062 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #4\n1932859 - Rebase RHV-H 4.3.14 on FDP 2.11 (21B)\n1940841 - Include updated gluster-ansible-features in RHV-H 4.3\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 7:\n\nSource:\nredhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm\n\nRHEL 7-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nredhat-release-virtualization-host-4.3.14-2.el7ev.src.rpm\nredhat-virtualization-host-4.3.14-20210322.0.el7_9.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.3.14-20210322.0.el7_9.noarch.rpm\nredhat-virtualization-host-image-update-placeholder-4.3.14-2.el7ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.3.14-2.el7ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nThe following advisory data is extracted from:\n\nhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n\n\n\nDescription:\n\nLLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27827"
},
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "182596"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27827",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-941426",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-194-07",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "162733",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161781",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163180",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162017",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162043",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161391",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161951",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0907",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2134",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0999",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0520",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2155",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0169",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1086",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2402",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0358",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1780",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062138",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161785",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-371938",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "182596",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "182596"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"id": "VAR-202103-0218",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
}
],
"trust": 0.7875
},
"last_update_date": "2026-04-10T22:01:06.779000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Canonical Ubuntu lldp Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=139475"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"trust": 1.7,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-january/379471.html"
},
{
"trust": 1.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27827"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-27827"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-35498"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35498"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162733/red-hat-security-advisory-2021-2077-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0639"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161391/red-hat-security-advisory-2021-0497-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0907"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0169/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0358/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2402"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162017/red-hat-security-advisory-2021-0957-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161781/red-hat-security-advisory-2021-0834-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0999"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2134"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1780"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0274/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161951/red-hat-security-advisory-2021-0976-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1086"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/lldp-memory-leak-34341"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0520"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062138"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162043/red-hat-security-advisory-2021-1051-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163180/red-hat-security-advisory-2021-2456-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2077"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2456"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0958"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0957"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1051"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0834"
},
{
"trust": 0.1,
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9158.json"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-25990"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-5787"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-22127"
},
{
"trust": 0.1,
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237411"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:9158"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "182596"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-371938",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162733",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163180",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162017",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161789",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162043",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162044",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161781",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "182596",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27827",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-371938",
"ident": null
},
{
"date": "2021-05-20T22:17:24",
"db": "PACKETSTORM",
"id": "162733",
"ident": null
},
{
"date": "2021-06-17T17:37:26",
"db": "PACKETSTORM",
"id": "163180",
"ident": null
},
{
"date": "2021-03-30T14:19:26",
"db": "PACKETSTORM",
"id": "162017",
"ident": null
},
{
"date": "2021-03-15T20:30:52",
"db": "PACKETSTORM",
"id": "161789",
"ident": null
},
{
"date": "2021-03-31T14:36:16",
"db": "PACKETSTORM",
"id": "162043",
"ident": null
},
{
"date": "2021-03-31T14:36:24",
"db": "PACKETSTORM",
"id": "162044",
"ident": null
},
{
"date": "2021-03-15T17:26:06",
"db": "PACKETSTORM",
"id": "161781",
"ident": null
},
{
"date": "2024-11-13T15:37:22",
"db": "PACKETSTORM",
"id": "182596",
"ident": null
},
{
"date": "2021-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1127",
"ident": null
},
{
"date": "2021-03-18T17:15:13.510000",
"db": "NVD",
"id": "CVE-2020-27827",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-371938",
"ident": null
},
{
"date": "2023-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1127",
"ident": null
},
{
"date": "2025-12-03T19:15:51.763000",
"db": "NVD",
"id": "CVE-2020-27827",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162733"
},
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 1.1
},
"title": {
"_id": null,
"data": "lldpd Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "163180"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "PACKETSTORM",
"id": "162044"
},
{
"db": "PACKETSTORM",
"id": "161781"
},
{
"db": "PACKETSTORM",
"id": "182596"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.