{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-31T00:00:00Z",
  "bugzilla" : {
    "description" : "openvswitch: Open vSwitch: Denial of Service via malformed FTP EPASV command",
    "id" : "2453459",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2453459"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-120",
  "details" : [ "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. Processing this command causes a heap access error that can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.", "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. Processing this command causes a heap access error that can lead to a crash, resulting in a Denial of Service (DoS) for the affected system." ],
  "statement" : "This vulnerability in Open vSwitch, leading to a heap access error and potential denial of service, is not exploitable in default Red Hat configurations. Exploitation requires Open vSwitch to be specifically configured with FTP helpers over the userspace datapath, which is not enabled by default.",
  "acknowledgement" : "Red Hat would like to thank Seiji Sakurai for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch-selinux-extra-policy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "ovn2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Fix deferred",
    "package_name" : "ovn2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.15",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.16",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.17",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.1",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch-selinux-extra-policy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "ovn2.11",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Fix deferred",
    "package_name" : "ovn2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.17",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.0",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.1",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.4",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.6",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 9",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch-selinux-extra-policy",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch2.17",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.0",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openvswitch3.1",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp13/openstack-neutron-openvswitch-agent",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp13/openstack-openvswitch-base",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp13/openstack-ovn-base",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp-openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp-rhel8/openstack-neutron-openvswitch-agent",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.1",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp-openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:17.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.1",
    "fix_state" : "Fix deferred",
    "package_name" : "rhosp-rhel9/openstack-neutron-openvswitch-agent",
    "cpe" : "cpe:/a:redhat:openstack:17.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 18.0",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoso-openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:18.0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-34956\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34956" ],
  "name" : "CVE-2026-34956",
  "mitigation" : {
    "value" : "Optionally, avoid using conntrack flows that specify alg=ftp (the FTP helper). Such flows are not usually configured.",
    "lang" : "en:us"
  },
  "csaw" : false
}