CVE-2021-36980 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2177	openvswitch	2.14.2-1	2.15.1-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Jul 2021	ASA-202107-40	AVG-2177	openvswitch	Medium	arbitrary code execution

References
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f

References

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f