First published: Wed Sep 19 2018(Updated: )
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Openvswitch Openvswitch | >=2.7.0<=2.7.6 | |
Redhat Openstack | =10 | |
Redhat Openstack | =13 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =9.0 | |
debian/openvswitch | 2.15.0+ds1-2+deb11u5 3.1.0-2+deb12u1 3.5.0~git20241129.2af7cef-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-17206.
The severity of CVE-2018-17206 is medium (4.9).
Open vSwitch (OvS) versions 2.7.x through 2.7.6 are affected by CVE-2018-17206.
To fix the vulnerability CVE-2018-17206, update Open vSwitch to version 2.10.7+ds1-0+deb10u1 or later.
More information about CVE-2018-17206 can be found on the following links: [Link 1](https://access.redhat.com/errata/RHSA-2018:3500), [Link 2](https://access.redhat.com/errata/RHSA-2019:0053), [Link 3](https://access.redhat.com/errata/RHSA-2019:0081).