Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS packets could overflow the
buffer reserved for MPLS labels in an OVS internal data structure.
The MPLS packets that trigger the vulnerability and the potential for
exploitation vary depending on version:
Open vSwitch 2.1.x and earlier are not vulnerable.
In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be
exploited for arbitrary remote code execution.
In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead
to a remote code execution exploit, but testing shows that it can allow a
remote denial of service. See the mitigation section for details.
Open vSwitch 2.5.x is not vulnerable.