View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9214 severity important: SUSE including 15 source package names (libopenvswitch-2_11-0, libopenvswitch-2_8-0, …), 46 product×package rows across 22 product lines (HPE Helion OpenStack 8, SUSE Linux Enterprise High Performance Computing 15-LTSS, … (22 product lines)): Known Not Affected 32, Fixed 14.
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.