{"url":"http://public2.vulnerablecode.io/api/packages/516208?format=json","purl":"pkg:deb/debian/openvswitch@2.6.2~pre%2Bgit20161223-3","type":"deb","namespace":"debian","name":"openvswitch","version":"2.6.2~pre+git20161223-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.7.1-2","latest_non_vulnerable_version":"3.7.1-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97276?format=json","vulnerability_id":"VCID-12e7-hcbz-gfed","summary":"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17204.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17204","reference_id":"","reference_type":"","scores":[{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78634","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78661","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78669","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.7866","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78647","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78665","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632522","reference_id":"1632522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3500","reference_id":"RHSA-2018:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0053","reference_id":"RHSA-2019:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0081","reference_id":"RHSA-2019:0081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0081"},{"reference_url":"https://usn.ubuntu.com/3873-1/","reference_id":"USN-3873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3873-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2018-17204"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12e7-hcbz-gfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97278?format=json","vulnerability_id":"VCID-3nx5-ydha-gyg7","summary":"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17206.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17206.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17206","reference_id":"","reference_type":"","scores":[{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84305","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84308","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84301","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02077","scoring_system":"epss","scoring_elements":"0.84302","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17206"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632528","reference_id":"1632528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3500","reference_id":"RHSA-2018:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0053","reference_id":"RHSA-2019:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0081","reference_id":"RHSA-2019:0081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0081"},{"reference_url":"https://usn.ubuntu.com/3873-1/","reference_id":"USN-3873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3873-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2018-17206"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nx5-ydha-gyg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97281?format=json","vulnerability_id":"VCID-7jvm-jcvu-cbfa","summary":"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32166.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32166","reference_id":"","reference_type":"","scores":[{"value":"0.01657","scoring_system":"epss","scoring_elements":"0.82418","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01657","scoring_system":"epss","scoring_elements":"0.82412","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01657","scoring_system":"epss","scoring_elements":"0.82411","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01657","scoring_system":"epss","scoring_elements":"0.82404","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0175","scoring_system":"epss","scoring_elements":"0.82931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0175","scoring_system":"epss","scoring_elements":"0.82904","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32166"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130577","reference_id":"2130577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130577"},{"reference_url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","reference_id":"2ed6505555cdcb46f9b1f0329d1491b75290fc73","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:13:38Z/"}],"url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"},{"reference_url":"https://www.mend.io/vulnerability-database/CVE-2022-32166","reference_id":"CVE-2022-32166","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:13:38Z/"}],"url":"https://www.mend.io/vulnerability-database/CVE-2022-32166"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html","reference_id":"msg00036.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:13:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"},{"reference_url":"https://usn.ubuntu.com/5698-1/","reference_id":"USN-5698-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5698-1/"},{"reference_url":"https://usn.ubuntu.com/5698-2/","reference_id":"USN-5698-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5698-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2022-32166"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jvm-jcvu-cbfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97282?format=json","vulnerability_id":"VCID-cdtd-518u-gbdm","summary":"An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4337.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4337","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65113","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65124","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65112","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65118","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4338"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027273","reference_id":"1027273","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027273"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155378","reference_id":"2155378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155378"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0685","reference_id":"RHSA-2023:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0687","reference_id":"RHSA-2023:0687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0688","reference_id":"RHSA-2023:0688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0689","reference_id":"RHSA-2023:0689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0691","reference_id":"RHSA-2023:0691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0691"},{"reference_url":"https://usn.ubuntu.com/5890-1/","reference_id":"USN-5890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5890-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2022-4337"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdtd-518u-gbdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97272?format=json","vulnerability_id":"VCID-ke62-emzb-syay","summary":"In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9263.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9263.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9263","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31437","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31425","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31433","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31401","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31504","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3147","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9263","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9263"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457327","reference_id":"1457327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863655","reference_id":"863655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2418","reference_id":"RHSA-2017:2418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2553","reference_id":"RHSA-2017:2553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2648","reference_id":"RHSA-2017:2648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2665","reference_id":"RHSA-2017:2665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2692","reference_id":"RHSA-2017:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2698","reference_id":"RHSA-2017:2698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2727","reference_id":"RHSA-2017:2727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2727"},{"reference_url":"https://usn.ubuntu.com/3450-1/","reference_id":"USN-3450-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3450-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2017-9263"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke62-emzb-syay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92400?format=json","vulnerability_id":"VCID-m4dj-9mux-9bev","summary":"A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27827.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27827.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27827","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66569","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66573","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66581","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66566","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66552","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921438","reference_id":"1921438","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921438"},{"reference_url":"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html","reference_id":"379471.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/","reference_id":"3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132","reference_id":"980132","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132"},{"reference_url":"https://security.archlinux.org/ASA-202101-28","reference_id":"ASA-202101-28","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-28"},{"reference_url":"https://security.archlinux.org/ASA-202101-29","reference_id":"ASA-202101-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-29"},{"reference_url":"https://security.archlinux.org/AVG-1451","reference_id":"AVG-1451","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1451"},{"reference_url":"https://security.archlinux.org/AVG-1456","reference_id":"AVG-1456","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1456"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07","reference_id":"icsa-21-194-07","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/","reference_id":"JYA4AMJXCNF6UPFG36L2TPPT32C242SP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0497","reference_id":"RHSA-2021:0497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0834","reference_id":"RHSA-2021:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0835","reference_id":"RHSA-2021:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0837","reference_id":"RHSA-2021:0837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0976","reference_id":"RHSA-2021:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1050","reference_id":"RHSA-2021:1050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1051","reference_id":"RHSA-2021:1051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2077","reference_id":"RHSA-2021:2077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2456","reference_id":"RHSA-2021:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9158","reference_id":"RHSA-2024:9158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9158"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/","reference_id":"SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf","reference_id":"ssa-941426.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T13:38:48Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"},{"reference_url":"https://usn.ubuntu.com/4691-1/","reference_id":"USN-4691-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4691-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516210?format=json","purl":"pkg:deb/debian/openvswitch@2.10.7%2Bds1-0%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.7%252Bds1-0%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2020-27827"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4dj-9mux-9bev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97270?format=json","vulnerability_id":"VCID-qeh7-tbsd-13aw","summary":"In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14970.json","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14970","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66846","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66882","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66879","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66864","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66886","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66895","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14970"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1497966","reference_id":"1497966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1497966"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877543","reference_id":"877543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2017-14970"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh7-tbsd-13aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97277?format=json","vulnerability_id":"VCID-r67r-aetd-uuea","summary":"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17205.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17205","reference_id":"","reference_type":"","scores":[{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.73903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.73939","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.73944","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.7393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.73913","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00771","scoring_system":"epss","scoring_elements":"0.7394","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17205"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632525","reference_id":"1632525","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3500","reference_id":"RHSA-2018:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0053","reference_id":"RHSA-2019:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0081","reference_id":"RHSA-2019:0081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0081"},{"reference_url":"https://usn.ubuntu.com/3873-1/","reference_id":"USN-3873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3873-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2018-17205"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r67r-aetd-uuea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92398?format=json","vulnerability_id":"VCID-rkpb-6znz-kkg7","summary":"Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8011.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8011","reference_id":"","reference_type":"","scores":[{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90436","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.9045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90451","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90448","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90447","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05555","scoring_system":"epss","scoring_elements":"0.90463","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896536","reference_id":"1896536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896536"},{"reference_url":"https://security.archlinux.org/ASA-202101-28","reference_id":"ASA-202101-28","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-28"},{"reference_url":"https://security.archlinux.org/AVG-1456","reference_id":"AVG-1456","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5611","reference_id":"RHSA-2020:5611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5611"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5615","reference_id":"RHSA-2020:5615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0028","reference_id":"RHSA-2021:0028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0931","reference_id":"RHSA-2021:0931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0988","reference_id":"RHSA-2021:0988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2077","reference_id":"RHSA-2021:2077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2205","reference_id":"RHSA-2021:2205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2205"},{"reference_url":"https://usn.ubuntu.com/4691-1/","reference_id":"USN-4691-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4691-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516210?format=json","purl":"pkg:deb/debian/openvswitch@2.10.7%2Bds1-0%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.7%252Bds1-0%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2015-8011"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkpb-6znz-kkg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97280?format=json","vulnerability_id":"VCID-sd4g-5s7t-sqce","summary":"A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35498","reference_id":"","reference_type":"","scores":[{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90561","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90589","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90575","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90576","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90574","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05687","scoring_system":"epss","scoring_elements":"0.90573","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908845","reference_id":"1908845","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908845"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/02/10/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://www.openwall.com/lists/oss-security/2021/02/10/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982493","reference_id":"982493","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982493"},{"reference_url":"https://security.archlinux.org/AVG-1564","reference_id":"AVG-1564","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1564"},{"reference_url":"https://www.debian.org/security/2021/dsa-4852","reference_id":"dsa-4852","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://www.debian.org/security/2021/dsa-4852"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0497","reference_id":"RHSA-2021:0497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0834","reference_id":"RHSA-2021:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0835","reference_id":"RHSA-2021:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0837","reference_id":"RHSA-2021:0837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1050","reference_id":"RHSA-2021:1050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2077","reference_id":"RHSA-2021:2077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2456","reference_id":"RHSA-2021:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2456"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/","reference_id":"UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:22Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"},{"reference_url":"https://usn.ubuntu.com/4729-1/","reference_id":"USN-4729-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4729-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516210?format=json","purl":"pkg:deb/debian/openvswitch@2.10.7%2Bds1-0%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.7%252Bds1-0%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2020-35498"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd4g-5s7t-sqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7251?format=json","vulnerability_id":"VCID-syfb-t5kj-5ke3","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36980","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23055","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22973","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23823","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23725","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23773","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36980"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984473","reference_id":"1984473","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984473"},{"reference_url":"https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f","reference_id":"38744b1bcb022c611712527f039722115300f58f","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"},{"reference_url":"https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3","reference_id":"65c61b0c23a0d474696d7b1cea522a5016a8aeb3","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"},{"reference_url":"https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35","reference_id":"6d67310f4d2524b466b98f05ebccc1add1e8cf35","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"},{"reference_url":"https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2","reference_id":"77cccc74deede443e8b9102299efc869a52b65b2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"},{"reference_url":"https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575","reference_id":"8ce8dc34b5f73b30ce0c1869af9947013c3c6575","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991308","reference_id":"991308","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991308"},{"reference_url":"https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2","reference_id":"9926637a80d0d243dbf9c49761046895e9d1a8e2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"},{"reference_url":"https://security.archlinux.org/ASA-202107-40","reference_id":"ASA-202107-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-40"},{"reference_url":"https://security.archlinux.org/AVG-2177","reference_id":"AVG-2177","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2177"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml","reference_id":"OSV-2020-2197.yaml","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/"}],"url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3758","reference_id":"RHSA-2021:3758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3942","reference_id":"RHSA-2021:3942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3942"},{"reference_url":"https://usn.ubuntu.com/5065-1/","reference_id":"USN-5065-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5065-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2021-36980"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syfb-t5kj-5ke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97285?format=json","vulnerability_id":"VCID-u16h-gf84-wube","summary":"openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22563","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24177","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24282","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24169","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.243","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22563"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22563","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openvswitch/ovs-issues/issues/315","reference_id":"315","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T14:11:03Z/"}],"url":"https://github.com/openvswitch/ovs-issues/issues/315"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2024-22563"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u16h-gf84-wube"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97274?format=json","vulnerability_id":"VCID-uwh3-a4rt-1fhu","summary":"In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9264.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9264.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9264","reference_id":"","reference_type":"","scores":[{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74175","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74208","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74213","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.74182","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457329","reference_id":"1457329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863661","reference_id":"863661","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2418","reference_id":"RHSA-2017:2418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2648","reference_id":"RHSA-2017:2648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2727","reference_id":"RHSA-2017:2727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2727"},{"reference_url":"https://usn.ubuntu.com/3450-1/","reference_id":"USN-3450-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3450-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2017-9264"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwh3-a4rt-1fhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97283?format=json","vulnerability_id":"VCID-uyrs-d9tt-gfe1","summary":"An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4338.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4338.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4338","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71006","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71048","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71023","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71054","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71038","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4338"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027273","reference_id":"1027273","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027273"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155381","reference_id":"2155381","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155381"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0685","reference_id":"RHSA-2023:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0687","reference_id":"RHSA-2023:0687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0688","reference_id":"RHSA-2023:0688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0689","reference_id":"RHSA-2023:0689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0691","reference_id":"RHSA-2023:0691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0691"},{"reference_url":"https://usn.ubuntu.com/5890-1/","reference_id":"USN-5890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5890-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2022-4338"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyrs-d9tt-gfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93525?format=json","vulnerability_id":"VCID-v2qh-74rq-byfb","summary":"openvswitch: openvswitch don't match packets on nd_target field","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5366.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5366","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05694","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0568","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05638","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05674","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5366"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006347","reference_id":"2006347","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1227","reference_id":"RHSA-2024:1227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1234","reference_id":"RHSA-2024:1234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1235","reference_id":"RHSA-2024:1235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1235"},{"reference_url":"https://usn.ubuntu.com/6514-1/","reference_id":"USN-6514-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6514-1/"},{"reference_url":"https://usn.ubuntu.com/6690-1/","reference_id":"USN-6690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2023-5366"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2qh-74rq-byfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97284?format=json","vulnerability_id":"VCID-v6k2-fgfb-zufk","summary":"A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1668.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1668","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47146","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4721","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47213","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47194","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47164","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47176","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1668"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034042","reference_id":"1034042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666","reference_id":"2137666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666"},{"reference_url":"https://security.gentoo.org/glsa/202311-16","reference_id":"GLSA-202311-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202311-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1765","reference_id":"RHSA-2023:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1766","reference_id":"RHSA-2023:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1769","reference_id":"RHSA-2023:1769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1770","reference_id":"RHSA-2023:1770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1823","reference_id":"RHSA-2023:1823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1824","reference_id":"RHSA-2023:1824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3491","reference_id":"RHSA-2023:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3491"},{"reference_url":"https://usn.ubuntu.com/6068-1/","reference_id":"USN-6068-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6068-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2023-1668"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6k2-fgfb-zufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97275?format=json","vulnerability_id":"VCID-xwyx-bpfb-eyew","summary":"In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9265.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9265","reference_id":"","reference_type":"","scores":[{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81647","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81687","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81679","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81678","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9265"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457335","reference_id":"1457335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457335"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863662","reference_id":"863662","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2418","reference_id":"RHSA-2017:2418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2553","reference_id":"RHSA-2017:2553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2648","reference_id":"RHSA-2017:2648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2665","reference_id":"RHSA-2017:2665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2692","reference_id":"RHSA-2017:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2698","reference_id":"RHSA-2017:2698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2727","reference_id":"RHSA-2017:2727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2727"},{"reference_url":"https://usn.ubuntu.com/3450-1/","reference_id":"USN-3450-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3450-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2017-9265"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwyx-bpfb-eyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91295?format=json","vulnerability_id":"VCID-zbzh-czta-jkb5","summary":"openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3966.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3966","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14008","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14099","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14101","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14064","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13979","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5366"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492","reference_id":"1063492","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063492"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2178363","reference_id":"2178363","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:42:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2178363"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11","reference_id":"cpe:/a:redhat:openshift:3.11","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::fastdatapath","reference_id":"cpe:/o:redhat:enterprise_linux:7::fastdatapath","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7::fastdatapath"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::fastdatapath","reference_id":"cpe:/o:redhat:enterprise_linux:8::fastdatapath","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::fastdatapath"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::fastdatapath","reference_id":"cpe:/o:redhat:enterprise_linux:9::fastdatapath","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::fastdatapath"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3966","reference_id":"CVE-2023-3966","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:42:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3966"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/","reference_id":"LFZADABUDOFI2KZIRQBYFZCIKH55RGY3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:42:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1227","reference_id":"RHSA-2024:1227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1234","reference_id":"RHSA-2024:1234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1235","reference_id":"RHSA-2024:1235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1235"},{"reference_url":"https://usn.ubuntu.com/6690-1/","reference_id":"USN-6690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6690-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/","reference_id":"VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:42:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510238?format=json","purl":"pkg:deb/debian/openvswitch@2.15.0%2Bds1-2%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w5dj-ttm7-nfdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.15.0%252Bds1-2%252Bdeb11u5"}],"aliases":["CVE-2023-3966"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbzh-czta-jkb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97271?format=json","vulnerability_id":"VCID-zrkj-8k1q-xydc","summary":"In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9214.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9214","reference_id":"","reference_type":"","scores":[{"value":"0.04372","scoring_system":"epss","scoring_elements":"0.89151","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04372","scoring_system":"epss","scoring_elements":"0.89168","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04372","scoring_system":"epss","scoring_elements":"0.89184","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9214"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456795","reference_id":"1456795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456795"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863228","reference_id":"863228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2418","reference_id":"RHSA-2017:2418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2553","reference_id":"RHSA-2017:2553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2648","reference_id":"RHSA-2017:2648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2665","reference_id":"RHSA-2017:2665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2692","reference_id":"RHSA-2017:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2698","reference_id":"RHSA-2017:2698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2727","reference_id":"RHSA-2017:2727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2727"},{"reference_url":"https://usn.ubuntu.com/3450-1/","reference_id":"USN-3450-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3450-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516209?format=json","purl":"pkg:deb/debian/openvswitch@2.10.0%2B2018.08.28%2Bgit.8ca7c82b7d%2Bds1-12%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-zbzh-czta-jkb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.10.0%252B2018.08.28%252Bgit.8ca7c82b7d%252Bds1-12%252Bdeb10u2"}],"aliases":["CVE-2017-9214"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrkj-8k1q-xydc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97269?format=json","vulnerability_id":"VCID-c571-v4xn-zkc3","summary":"Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2074","reference_id":"","reference_type":"","scores":[{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.92917","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.92928","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.92925","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.9292","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.92918","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09337","scoring_system":"epss","scoring_elements":"0.92929","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1318553","reference_id":"1318553","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1318553"},{"reference_url":"https://security.gentoo.org/glsa/201701-07","reference_id":"GLSA-201701-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0523","reference_id":"RHSA-2016:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0524","reference_id":"RHSA-2016:0524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0537","reference_id":"RHSA-2016:0537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0615","reference_id":"RHSA-2016:0615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0615"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513388?format=json","purl":"pkg:deb/debian/openvswitch@2.3.0%2Bgit20140819-3%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12e7-hcbz-gfed"},{"vulnerability":"VCID-3nx5-ydha-gyg7"},{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-c571-v4xn-zkc3"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-ke62-emzb-syay"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-qeh7-tbsd-13aw"},{"vulnerability":"VCID-r67r-aetd-uuea"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uwh3-a4rt-1fhu"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-wgfx-wf1d-y7ge"},{"vulnerability":"VCID-xwyx-bpfb-eyew"},{"vulnerability":"VCID-zbzh-czta-jkb5"},{"vulnerability":"VCID-zrkj-8k1q-xydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.3.0%252Bgit20140819-3%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516208?format=json","purl":"pkg:deb/debian/openvswitch@2.6.2~pre%2Bgit20161223-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12e7-hcbz-gfed"},{"vulnerability":"VCID-3nx5-ydha-gyg7"},{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-ke62-emzb-syay"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-qeh7-tbsd-13aw"},{"vulnerability":"VCID-r67r-aetd-uuea"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uwh3-a4rt-1fhu"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-xwyx-bpfb-eyew"},{"vulnerability":"VCID-zbzh-czta-jkb5"},{"vulnerability":"VCID-zrkj-8k1q-xydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.6.2~pre%252Bgit20161223-3"}],"aliases":["CVE-2016-2074"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c571-v4xn-zkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97268?format=json","vulnerability_id":"VCID-wgfx-wf1d-y7ge","summary":"In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10377.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10377","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47624","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47689","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47671","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47641","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47653","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10377"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457325","reference_id":"1457325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457325"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516208?format=json","purl":"pkg:deb/debian/openvswitch@2.6.2~pre%2Bgit20161223-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12e7-hcbz-gfed"},{"vulnerability":"VCID-3nx5-ydha-gyg7"},{"vulnerability":"VCID-7jvm-jcvu-cbfa"},{"vulnerability":"VCID-cdtd-518u-gbdm"},{"vulnerability":"VCID-ke62-emzb-syay"},{"vulnerability":"VCID-m4dj-9mux-9bev"},{"vulnerability":"VCID-qeh7-tbsd-13aw"},{"vulnerability":"VCID-r67r-aetd-uuea"},{"vulnerability":"VCID-rkpb-6znz-kkg7"},{"vulnerability":"VCID-sd4g-5s7t-sqce"},{"vulnerability":"VCID-syfb-t5kj-5ke3"},{"vulnerability":"VCID-u16h-gf84-wube"},{"vulnerability":"VCID-uwh3-a4rt-1fhu"},{"vulnerability":"VCID-uyrs-d9tt-gfe1"},{"vulnerability":"VCID-v2qh-74rq-byfb"},{"vulnerability":"VCID-v6k2-fgfb-zufk"},{"vulnerability":"VCID-xwyx-bpfb-eyew"},{"vulnerability":"VCID-zbzh-czta-jkb5"},{"vulnerability":"VCID-zrkj-8k1q-xydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.6.2~pre%252Bgit20161223-3"}],"aliases":["CVE-2016-10377"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgfx-wf1d-y7ge"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvswitch@2.6.2~pre%252Bgit20161223-3"}