{"id":"CVE-2021-36980","details":"Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.","modified":"2026-04-11T17:26:05.694975Z","published":"2021-07-20T07:15:08.113Z","related":["SUSE-SU-2022:3096-1","SUSE-SU-2022:3098-1","SUSE-SU-2022:3099-1","SUSE-SU-2022:3116-1","SUSE-SU-2023:1795-1","SUSE-SU-2023:2360-1","openSUSE-SU-2024:11898-1"],"references":[{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202311-16"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"},{"type":"FIX","url":"https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvswitch/ovs","events":[{"introduced":"997f2b583f49d1a52b41958b88acf4f23a49eba6"},{"last_affected":"8dc1733eaea866dce033b3c44853e1b09bf59fc7"},{"fixed":"38744b1bcb022c611712527f039722115300f58f"},{"fixed":"65c61b0c23a0d474696d7b1cea522a5016a8aeb3"},{"fixed":"6d67310f4d2524b466b98f05ebccc1add1e8cf35"},{"fixed":"77cccc74deede443e8b9102299efc869a52b65b2"},{"fixed":"8ce8dc34b5f73b30ce0c1869af9947013c3c6575"},{"fixed":"9926637a80d0d243dbf9c49761046895e9d1a8e2"}],"database_specific":{"versions":[{"introduced":"2.11.0"},{"last_affected":"2.15.0"}]}}],"versions":["v2.11.0","v2.11.1","v2.11.2","v2.11.3","v2.11.4","v2.11.5","v2.11.6"],"database_specific":{"vanir_signatures":[{"id":"CVE-2021-36980-200af1b6","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-275ba41f","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-30cd9a35","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-415b3027","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-4400f99d","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-58985c2c","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-5c589e53","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-880e5a8e","digest":{"line_hashes":["92060819711219569976165408103874414148","230133176707265485790101955749202792602","125678146867983290637383644987280043108","160963822987075192410460993497950816861","75627123629655397597708468586468840578","203694621910049404690690516157255942209","195849225705113354180812045969896413298","208620529668483093776628092577962602440"],"threshold":0.9},"target":{"file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-8fa1a3c4","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-9195f800","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-96f56785","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-36980-f5546977","digest":{"function_hash":"209576733534873843408785465615394916633","length":761},"target":{"function":"decode_NXAST_RAW_ENCAP","file":"lib/ofp-actions.c"},"source":"https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2","signature_type":"Function","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36980.json","vanir_signatures_modified":"2026-04-11T17:26:05Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}