Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hrp6-mkfa-t7gz
Vulnerability ID VCID-hrp6-mkfa-t7gz
Aliases CVE-2020-35498
Summary openvswitch: limitation in the OVS packet parsing in userspace leads to DoS
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json
epss 0.05687 https://api.first.org/data/v1/epss?cve=CVE-2020-35498
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=1908845
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=1908845
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
ssvc Track https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
archlinux Medium https://security.archlinux.org/AVG-1564
cvssv3.1 7.5 https://security.gentoo.org/glsa/202311-16
ssvc Track https://security.gentoo.org/glsa/202311-16
cvssv3.1 7.5 https://www.debian.org/security/2021/dsa-4852
ssvc Track https://www.debian.org/security/2021/dsa-4852
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2021/02/10/4
ssvc Track https://www.openwall.com/lists/oss-security/2021/02/10/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json
https://api.first.org/data/v1/epss?cve=CVE-2020-35498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35498
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1908845 https://bugzilla.redhat.com/show_bug.cgi?id=1908845
4 https://www.openwall.com/lists/oss-security/2021/02/10/4
982493 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982493
AVG-1564 https://security.archlinux.org/AVG-1564
dsa-4852 https://www.debian.org/security/2021/dsa-4852
GLSA-202311-16 https://security.gentoo.org/glsa/202311-16
msg00032.html https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
RHSA-2021:0497 https://access.redhat.com/errata/RHSA-2021:0497
RHSA-2021:0834 https://access.redhat.com/errata/RHSA-2021:0834
RHSA-2021:0835 https://access.redhat.com/errata/RHSA-2021:0835
RHSA-2021:0837 https://access.redhat.com/errata/RHSA-2021:0837
RHSA-2021:1050 https://access.redhat.com/errata/RHSA-2021:1050
RHSA-2021:2077 https://access.redhat.com/errata/RHSA-2021:2077
RHSA-2021:2456 https://access.redhat.com/errata/RHSA-2021:2456
UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
USN-4729-1 https://usn.ubuntu.com/4729-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1908845
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=1908845
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202311-16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://security.gentoo.org/glsa/202311-16
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4852
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://www.debian.org/security/2021/dsa-4852
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2021/02/10/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/ Found at https://www.openwall.com/lists/oss-security/2021/02/10/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.90535
EPSS Score 0.05687
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:17:46.247452+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json 38.6.0