Vulnerability Details: CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-36980
- cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36980
- 0.11%: Probability of exploitation activity in the next 30 days
- ~ 27%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36980
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-05-05 |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2021-36980
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2021-36980
- https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@38744b1 · GitHub (Patch; Third Party Advisory)
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
  oss-fuzz-vulns/OSV-2020-2197.yaml at main · google/oss-fuzz-vulns · GitHub (Third Party Advisory)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
  27851 - openvswitch:ofp_print_target: Heap-use-after-free in decode_NXAST_RAW_ENCAP - oss-fuzz (Patch; Third Party Advisory)
- https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@8ce8dc3 · GitHub (Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/202311-16
  Open vSwitch: Multiple Vulnerabilities (GLSA 202311-16) — Gentoo security
- https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@65c61b0 · GitHub (Patch; Third Party Advisory)
- https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@6d67310 · GitHub (Patch; Third Party Advisory)
- https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@77cccc7 · GitHub (Patch; Third Party Advisory)
- https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
  ofp-actions: Fix use-after-free while decoding RAW_ENCAP. · openvswitch/ovs@9926637 · GitHub (Patch; Third Party Advisory)