Description
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
References (6)
https://access.redhat.com/errata/RHSA-2019:0053 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://usn.ubuntu.com/3873-1/ (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
https://access.redhat.com/errata/RHSA-2018:3500 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (Patch, Third Party Advisory; x_refsource_misc)
https://access.redhat.com/errata/RHSA-2019:0081 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html (Mailing List, Third Party Advisory; mailing-list; x_refsource_mlist)
Scores
CVSS v3: 4.9
EPSS: 0.0208
EPSS Percentile: 84.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-125
Status: published
Products (6)
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
debian/debian_linux: 9.0
openvswitch/openvswitch: 2.7.0 - 2.7.6
redhat/openstack: 10
redhat/openstack: 13
Published: Sep 19, 2018
Tracked Since: Feb 18, 2026