An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
https://usn.ubuntu.com/3873-1/
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
https://access.redhat.com/errata/RHSA-2019:0081
https://access.redhat.com/errata/RHSA-2019:0053
https://access.redhat.com/errata/RHSA-2018:3500
Source: Mitre, NVD
Published: 2018-09-19
Updated: 2024-11-21
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
Severity: Medium
Base Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.02198