CVE-2018-17206
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 19 Sept 2018, 16:00
Last modified:05 Aug 2024, 10:47
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
4.9 MEDIUM
v3.1 (nvd)
EPSS Score
2.08% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
19 Sept 2018, 16:00
Published
Vulnerability first disclosed
05 Aug 2024, 10:47
Last Modified
Vulnerability information updated
Description
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 2.08%• Percentile: 84%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- canonical•ubuntu_linux
16.04 | 18.04
- debian•debian_linux
9.0
- openvswitch•openvswitch
≥ 2.7.0, ≤ 2.7.6
- redhat•openstack
10 | 13
References (6)
- https://access.redhat.com/errata/RHSA-2019:0053
- https://usn.ubuntu.com/3873-1/
- https://access.redhat.com/errata/RHSA-2018:3500
- https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
- https://access.redhat.com/errata/RHSA-2019:0081
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html