{"id":"CVE-2018-17206","details":"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.","modified":"2026-03-15T22:25:59.468670Z","published":"2018-09-19T16:29:01.113Z","related":["SUSE-SU-2018:4128-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3500"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0053"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0081"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3873-1/"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvswitch/ovs","events":[{"introduced":"c298ef781c2d35d939fe163cbc2f41ea7b1cb8d1"},{"last_affected":"a3830aae25911fef587c08f7301b4665ecc17ae1"},{"fixed":"9237a63c47bd314b807cda0bd2216264e82edbe8"}],"database_specific":{"versions":[{"introduced":"2.7.0"},{"last_affected":"2.7.6"}]}}],"versions":["v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17206.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"13"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"source":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8","signature_version":"v1","deprecated":false,"id":"CVE-2018-17206-41634a70","target":{"file":"lib/ofp-actions.c","function":"decode_bundle"},"signature_type":"Function","digest":{"length":2465,"function_hash":"57461956889987823182985039612819091499"}},{"source":"https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8","signature_version":"v1","deprecated":false,"id":"CVE-2018-17206-f8b6cd53","target":{"file":"lib/ofp-actions.c"},"signature_type":"Line","digest":{"line_hashes":["210906905664758460515499443758496348914","169491159002022090409035248224929762667","260441358071495433885160431772933471618","29049431944125111516871169759209627234","104421915300623089526274437846960737898","236094497615507576891058569560103942668","97419143637965801260516021338863620520","265232926905435110150322864614360754111"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}