An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
],
"extracted_events": [
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux"
},
{
"cpes": [
"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "10"
},
{
"last_affected": "10"
},
{
"introduced": "13"
},
{
"last_affected": "13"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:openstack"
}
]
}[
{
"source": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "57461956889987823182985039612819091499",
"length": 2465.0
},
"id": "CVE-2018-17206-41634a70",
"signature_type": "Function",
"target": {
"function": "decode_bundle",
"file": "lib/ofp-actions.c"
}
},
{
"source": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"210906905664758460515499443758496348914",
"169491159002022090409035248224929762667",
"260441358071495433885160431772933471618",
"29049431944125111516871169759209627234",
"104421915300623089526274437846960737898",
"236094497615507576891058569560103942668",
"97419143637965801260516021338863620520",
"265232926905435110150322864614360754111"
]
},
"id": "CVE-2018-17206-f8b6cd53",
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
}
}
]
"2026-07-08T17:16:13Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17206.json"