{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-27827", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-12-03T18:20:03.875Z", "dateReserved": "2020-10-27T00:00:00.000Z", "datePublished": "2021-03-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-26T11:06:15.202Z"}, "descriptions": [{"lang": "en", "value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."}], "affected": [{"vendor": "n/a", "product": "lldp/openvswitch", "versions": [{"version": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"}, {"name": "FEDORA-2023-88991d2713", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"}, {"name": "FEDORA-2023-c0c184a019", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"}, {"name": "FEDORA-2023-3e4feeadec", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"}, {"name": "GLSA-202311-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-16"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400", "cweId": "CWE-400"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.547Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", "tags": ["x_transferred"]}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "tags": ["x_transferred"]}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-88991d2713", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"}, {"name": "FEDORA-2023-c0c184a019", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"}, {"name": "FEDORA-2023-3e4feeadec", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"}, {"name": "GLSA-202311-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202311-16"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T13:38:48.935265Z", "id": "CVE-2020-27827", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T18:20:03.875Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", "tags": ["x_transferred"]}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "tags": ["x_transferred"]}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", "name": "FEDORA-2023-88991d2713", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", "name": "FEDORA-2023-c0c184a019", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", "name": "FEDORA-2023-3e4feeadec", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-16", "name": "GLSA-202311-16", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.547Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-27827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-04T13:38:48.935265Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T13:38:59.599Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "lldp/openvswitch", "versions": [{"status": "affected", "version": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", "name": "FEDORA-2023-88991d2713", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", "name": "FEDORA-2023-c0c184a019", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", "name": "FEDORA-2023-3e4feeadec", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202311-16", "name": "GLSA-202311-16", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-26T11:06:15.202Z"}}}, "cveMetadata": {"cveId": "CVE-2020-27827", "state": "PUBLISHED", "dateUpdated": "2025-12-03T18:20:03.875Z", "dateReserved": "2020-10-27T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2021-03-18T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "60E35B97-6AAD-4F2D-88E7-D1B235D36E63", "versionEndExcluding": "1.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7946D64-A914-4DC4-8AFA-E5A4C9415B87", "versionEndExcluding": "2.6.9", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBC3BDE-1CFE-4275-8F33-BC7D0ECD88BA", "versionEndExcluding": "2.7.12", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "F553884B-6DC9-4DBD-ADD6-B24B8A9FDFBA", "versionEndExcluding": "2.8.10", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A42E11A-8575-40B1-8343-840783E17FD0", "versionEndExcluding": "2.9.8", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "92DE8269-BD35-46B7-B4D0-5C0B5C3B2BE5", "versionEndExcluding": "2.10.6", "versionStartIncluding": "2.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AA97E08-3F7E-46CE-B03D-FD06307137A8", "versionEndExcluding": "2.11.5", "versionStartIncluding": "2.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "F74931FC-4B61-4EAD-90CD-D095A9BC76B6", "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AACFC3E-4242-4E9E-9AC2-B2E1C700DF0C", "versionEndExcluding": "2.13.2", "versionStartIncluding": "2.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22360F8-FD09-4CED-8E62-46916AB17A12", "versionEndExcluding": "2.14.1", "versionStartIncluding": "2.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAB60054-8FD0-45A4-B7DC-FFF061764B80", "versionEndExcluding": "17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*", "matchCriteriaId": "2921C017-7617-4789-9690-C81EAC4F469D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "238D992C-6158-4E31-AE0A-7A9C54B51963", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "65278BA0-3C81-4D81-9801-D7BE3A1D7680", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2009C1FA-96D5-413C-9161-0DB55F841088", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F56E0C04-AEC3-45C8-93E7-FCA3B7F370F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "0602DEEA-AE39-4A44-9D78-6623943DDCD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F7747CD-757E-4B36-8F23-7588183948A7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1EE2F10-A7A6-486F-AE5C-53AE25BAF200", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5A494F-2EAB-4647-9A45-5CB0C382E099", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F56C2BDC-928E-491A-8E7C-F976B3787C7A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "98C894B9-C62A-4689-9DA4-D9A3795B8CE5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "783B50B8-2FB7-4982-88AA-B4F2AD094796", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5B1898E-CB50-429B-9609-DC27C33C5C37", "versionEndExcluding": "2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "296D097F-C7D2-4D12-8621-E0D1CAE64FA1", "versionEndExcluding": "2.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE30FFDF-5494-400D-8F88-954A6B1503B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en m\u00faltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente dise\u00f1ados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales espec\u00edficos, potencialmente causando una denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2020-27827", "lastModified": "2025-12-03T19:15:51.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-03-18T17:15:13.510", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202311-16"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0834", "cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "package": "openvswitch2.11-0:2.11.3-86.el7fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 7", "release_date": "2021-03-15T00:00:00Z"}, {"advisory": "RHSA-2021:0835", "cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "package": "openvswitch2.13-0:2.13.0-81.el7fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 7", "release_date": "2021-03-15T00:00:00Z"}, {"advisory": "RHSA-2021:2077", "cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "package": "openvswitch-0:2.9.9-1.el7fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 7", "release_date": "2021-05-20T00:00:00Z"}, {"advisory": "RHSA-2021:0497", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.13-0:2.13.0-79.5.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2021-02-11T00:00:00Z"}, {"advisory": "RHSA-2021:0837", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.11-0:2.11.3-83.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2021-03-15T00:00:00Z"}, {"advisory": "RHSA-2024:9158", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "lldpd-0:1.0.18-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2021:2456", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openvswitch2.11-0:2.11.3-86.el7fdp", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2077", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "openvswitch-0:2.9.9-1.el7fdp", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2021-05-20T00:00:00Z"}, {"advisory": "RHSA-2021:1050", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "openvswitch2.11-0:2.11.3-86.el7fdp", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-03-31T00:00:00Z"}, {"advisory": "RHSA-2021:1050", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "ovn2.11-0:2.11.1-57.el7fdp", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-03-31T00:00:00Z"}, {"advisory": "RHSA-2021:1051", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.14-20210322.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-03-31T00:00:00Z"}, {"advisory": "RHSA-2021:0976", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.4-20210307.0.el8_3", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2021-03-23T00:00:00Z"}], "bugzilla": {"description": "lldp/openvswitch: denial of service via externally triggered memory leak", "id": "1921438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.", "A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-27827", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.10", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "lldpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openvswitch2.13", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "openvswitch", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "openvswitch", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2021-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27827\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27827\nhttps://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"], "statement": "Red Hat OpenStack Platform 13's openvswitch package will receive it's fixes from Fast Datapath.", "threat_severity": "Moderate"}

{}