CVE-2021-36980
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-36980
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36980.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-36980
- Downstream
- Related
- Published
- 2021-07-20T07:15:08Z
- Modified
- 2025-09-19T13:08:59.870016Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decodeNXASTRAWENCAP (called from ofpactdecode and ofpactsdecode) during the decoding of a RAWENCAP action.
- References
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
- https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
- https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
- https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
- https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
- https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
- https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
- https://security.gentoo.org/glsa/202311-16
Affected packages
Git / github.com/openvswitch/ovs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openvswitch/ovs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixedFixed
Affected versions
v0.*
v0.90.0
v0.90.1
v0.90.2
v0.90.3
v0.90.4
v0.90.6
v0.90.7
v0.99.0
v0.99.1
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2
v2.*
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.11.4
v2.11.5
v2.11.6
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.14.0
v2.14.1
v2.14.2
v2.15.0
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3",
"id": "CVE-2021-36980-200af1b6",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35",
"id": "CVE-2021-36980-275ba41f",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2",
"id": "CVE-2021-36980-30cd9a35",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35",
"id": "CVE-2021-36980-415b3027",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575",
"id": "CVE-2021-36980-4400f99d",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f",
"id": "CVE-2021-36980-58985c2c",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2",
"id": "CVE-2021-36980-5c589e53",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3",
"id": "CVE-2021-36980-880e5a8e",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92060819711219569976165408103874414148",
"230133176707265485790101955749202792602",
"125678146867983290637383644987280043108",
"160963822987075192410460993497950816861",
"75627123629655397597708468586468840578",
"203694621910049404690690516157255942209",
"195849225705113354180812045969896413298",
"208620529668483093776628092577962602440"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f",
"id": "CVE-2021-36980-8fa1a3c4",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
},
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575",
"id": "CVE-2021-36980-9195f800",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
},
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2",
"id": "CVE-2021-36980-96f56785",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
},
{
"signature_type": "Function",
"target": {
"function": "decode_NXAST_RAW_ENCAP",
"file": "lib/ofp-actions.c"
},
"source": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2",
"id": "CVE-2021-36980-f5546977",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "209576733534873843408785465615394916633",
"length": 761.0
}
}
]
}