{"id":"CVE-2020-35498","details":"A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.","modified":"2026-03-20T11:37:09.517796Z","published":"2021-02-11T18:15:15.677Z","related":["SUSE-SU-2021:0436-1","SUSE-SU-2021:0439-1","SUSE-SU-2021:0440-1","SUSE-SU-2021:0446-1","SUSE-SU-2021:0451-1","SUSE-SU-2021:0479-1","SUSE-SU-2022:3384-1","openSUSE-SU-2021:0283-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202311-16"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4852"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2021/02/10/4"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908845"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvswitch/ovs","events":[{"introduced":"22d4614ddf83988a3771fb379ea029e663b4455a"},{"fixed":"3fbe4e9e8ba20ab1c7e2fe3804cb4e1f64c63e2c"},{"introduced":"7a0f907b2393626dac1387617355990eab69aef7"},{"fixed":"8717cd3d9b2347da025aad32d306f6f8d52d777f"},{"introduced":"c298ef781c2d35d939fe163cbc2f41ea7b1cb8d1"},{"fixed":"db92fd7e5b4a469a63d7f9a411c094409d0c0895"},{"introduced":"4fbe77d8deebd8e98953cd2c74051bb23a19af72"},{"fixed":"cadf7794dd3f4442597c5095491f55d6ea3baed5"},{"introduced":"bd916d13dbb845746983a6780da772154df647ba"},{"fixed":"58b2a17bafb6a3048371627a0bb19172782b0aa0"},{"introduced":"5563e309b80bbea9bff538e71ecfd7e5e538bab9"},{"fixed":"11b4c6e17f894dac4fd98facf4be01cdfb531bfb"},{"introduced":"997f2b583f49d1a52b41958b88acf4f23a49eba6"},{"fixed":"5d07b5da2e7c8aa5c32b8c1279966e5e065c50e8"},{"introduced":"6beb94976e2b3e0c51430b63214de14186d8db39"},{"fixed":"db922b3e0995c5d01437fff617921495bbb41fbb"},{"introduced":"71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3"},{"fixed":"f25820bf556c6881a83207166508463d75c7f134"},{"introduced":"29c7b4518fb5834e3f432f1c8864df8e95e1506c"},{"fixed":"c35b8c02e564df00fdbc68472820b4a85f96c758"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.12"},{"introduced":"2.6.0"},{"fixed":"2.6.10"},{"introduced":"2.7.0"},{"fixed":"2.7.13"},{"introduced":"2.8.0"},{"fixed":"2.8.11"},{"introduced":"2.9.0"},{"fixed":"2.9.9"},{"introduced":"2.10.0"},{"fixed":"2.10.7"},{"introduced":"2.11.0"},{"fixed":"2.11.6"},{"introduced":"2.12.0"},{"fixed":"2.12.3"},{"introduced":"2.13.0"},{"fixed":"2.13.3"},{"introduced":"2.14.0"},{"fixed":"2.14.2"}]}}],"versions":["v2.10.0","v2.10.1","v2.10.2","v2.10.3","v2.10.4","v2.10.5","v2.10.6","v2.11.0","v2.11.1","v2.11.2","v2.11.3","v2.11.4","v2.11.5","v2.12.0","v2.12.1","v2.12.2","v2.13.0","v2.13.1","v2.13.2","v2.14.0","v2.14.1","v2.5.0","v2.5.1","v2.5.10","v2.5.11","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v2.5.8","v2.5.9","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.6.9","v2.7.0","v2.7.1","v2.7.10","v2.7.11","v2.7.12","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6","v2.7.7","v2.7.8","v2.7.9","v2.8.0","v2.8.1","v2.8.10","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.6","v2.8.7","v2.8.8","v2.8.9","v2.9.0","v2.9.1","v2.9.2","v2.9.3","v2.9.4","v2.9.5","v2.9.6","v2.9.7","v2.9.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35498.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}