View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-14970 severity moderate: SUSE including 13 source package names (libopenvswitch-2_11-0, libopenvswitch-2_8-0, …), 36 product×package rows across 15 product lines (SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Server 12 SP2, … (15 product lines)): Known Not Affected 20, Fixed 16.
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."