{"id":"CVE-2018-17206","details":"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.","modified":"2026-04-11T12:27:56.175460Z","published":"2018-09-19T16:29:01.113Z","related":["SUSE-SU-2018:4128-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3500"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0053"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0081"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3873-1/"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvswitch/ovs","events":[{"introduced":"c298ef781c2d35d939fe163cbc2f41ea7b1cb8d1"},{"last_affected":"a3830aae25911fef587c08f7301b4665ecc17ae1"},{"fixed":"9237a63c47bd314b807cda0bd2216264e82edbe8"}],"database_specific":{"versions":[{"introduced":"2.7.0"},{"last_affected":"2.7.6"}]}}],"versions":["v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:27:56Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"13"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17206.json","vanir_signatures":[{"target":{"file":"lib/ofp-actions.c","function":"decode_bundle"},"source":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8","id":"CVE-2018-17206-41634a70","digest":{"length":2465,"function_hash":"57461956889987823182985039612819091499"},"deprecated":false,"signature_type":"Function","signature_version":"v1"},{"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8","id":"CVE-2018-17206-f8b6cd53","digest":{"line_hashes":["210906905664758460515499443758496348914","169491159002022090409035248224929762667","260441358071495433885160431772933471618","29049431944125111516871169759209627234","104421915300623089526274437846960737898","236094497615507576891058569560103942668","97419143637965801260516021338863620520","265232926905435110150322864614360754111"],"threshold":0.9},"deprecated":false,"signature_type":"Line","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}