VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-49m4-33qk-wubn

Essentials
Severities (22)
References (20)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-49m4-33qk-wubn
Aliases	CVE-2021-36980
Summary	openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2021-36980
cvssv3.1	5.5	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
ssvc	Track	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
ssvc	Track	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
ssvc	Track	https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
ssvc	Track	https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
ssvc	Track	https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
ssvc	Track	https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
ssvc	Track	https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
cvssv3.1	5.5	https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
ssvc	Track	https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
archlinux	Medium	https://security.archlinux.org/AVG-2177
cvssv3.1	5.5	https://security.gentoo.org/glsa/202311-16
ssvc	Track	https://security.gentoo.org/glsa/202311-16

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-36980
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36980
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1984473		https://bugzilla.redhat.com/show_bug.cgi?id=1984473
38744b1bcb022c611712527f039722115300f58f		https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
65c61b0c23a0d474696d7b1cea522a5016a8aeb3		https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
6d67310f4d2524b466b98f05ebccc1add1e8cf35		https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
77cccc74deede443e8b9102299efc869a52b65b2		https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
8ce8dc34b5f73b30ce0c1869af9947013c3c6575		https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
991308		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991308
9926637a80d0d243dbf9c49761046895e9d1a8e2		https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
ASA-202107-40		https://security.archlinux.org/ASA-202107-40
AVG-2177		https://security.archlinux.org/AVG-2177
detail?id=27851		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
GLSA-202311-16		https://security.gentoo.org/glsa/202311-16
OSV-2020-2197.yaml		https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
RHSA-2021:3758		https://access.redhat.com/errata/RHSA-2021:3758
RHSA-2021:3942		https://access.redhat.com/errata/RHSA-2021:3942
USN-5065-1		https://usn.ubuntu.com/5065-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202311-16

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:15Z/ Found at https://security.gentoo.org/glsa/202311-16

Exploit Prediction Scoring System (EPSS)

Percentile	0.22972
EPSS Score	0.00077
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:17:39.303769+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36980.json	38.6.0