diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch
index f4dfc88..c05e89c 100644
--- a/SOURCES/openvswitch-3.3.0.patch
+++ b/SOURCES/openvswitch-3.3.0.patch
@@ -325,10 +325,85 @@ index 9af258917b..b8149e7897 100644
              bfd_put_details(&ds, bfd);
              VLOG_INFO("%s", ds_cstr(&ds));
 diff --git a/lib/conntrack.c b/lib/conntrack.c
-index 013709bd62..3c652aeb70 100644
+index 013709bd62..cf6e2919ba 100644
 --- a/lib/conntrack.c
 +++ b/lib/conntrack.c
-@@ -2572,7 +2572,9 @@ tuple_to_conn_key(const struct ct_dpif_tuple *tuple, uint16_t zone,
+@@ -941,6 +941,18 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
+             nc->parent_key = alg_exp->parent_key;
+         }
+ 
++        ovs_mutex_init_adaptive(&nc->lock);
++        atomic_flag_clear(&nc->reclaimed);
++        fwd_key_node->dir = CT_DIR_FWD;
++        rev_key_node->dir = CT_DIR_REV;
++
++        if (zl) {
++            nc->admit_zone = zl->czl.zone;
++            nc->zone_limit_seq = zl->czl.zone_limit_seq;
++        } else {
++            nc->admit_zone = INVALID_ZONE;
++        }
++
+         if (nat_action_info) {
+             nc->nat_action = nat_action_info->nat_action;
+ 
+@@ -965,21 +977,15 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
+             cmap_insert(&ct->conns, &rev_key_node->cm_node, rev_hash);
+         }
+ 
+-        ovs_mutex_init_adaptive(&nc->lock);
+-        atomic_flag_clear(&nc->reclaimed);
+-        fwd_key_node->dir = CT_DIR_FWD;
+-        rev_key_node->dir = CT_DIR_REV;
+         cmap_insert(&ct->conns, &fwd_key_node->cm_node, ctx->hash);
+         conn_expire_push_front(ct, nc);
+         atomic_count_inc(&ct->n_conn);
+-        ctx->conn = nc; /* For completeness. */
++
+         if (zl) {
+-            nc->admit_zone = zl->czl.zone;
+-            nc->zone_limit_seq = zl->czl.zone_limit_seq;
+             atomic_count_inc(&zl->czl.count);
+-        } else {
+-            nc->admit_zone = INVALID_ZONE;
+         }
++
++        ctx->conn = nc; /* For completeness. */
+     }
+ 
+     return nc;
+@@ -2290,7 +2296,9 @@ find_addr(const struct conn_key *key, union ct_addr *min,
+           uint32_t hash, bool ipv4,
+           const struct nat_action_info_t *nat_info)
+ {
+-    const union ct_addr zero_ip = {0};
++    union ct_addr zero_ip;
++
++    memset(&zero_ip, 0, sizeof zero_ip);
+ 
+     /* All-zero case. */
+     if (!memcmp(min, &zero_ip, sizeof *min)) {
+@@ -2382,14 +2390,18 @@ nat_get_unique_tuple(struct conntrack *ct, struct conn *conn,
+ {
+     struct conn_key *fwd_key = &conn->key_node[CT_DIR_FWD].key;
+     struct conn_key *rev_key = &conn->key_node[CT_DIR_REV].key;
+-    union ct_addr min_addr = {0}, max_addr = {0}, addr = {0};
+     bool pat_proto = fwd_key->nw_proto == IPPROTO_TCP ||
+                      fwd_key->nw_proto == IPPROTO_UDP ||
+                      fwd_key->nw_proto == IPPROTO_SCTP;
+     uint16_t min_dport, max_dport, curr_dport;
+     uint16_t min_sport, max_sport, curr_sport;
++    union ct_addr min_addr, max_addr, addr;
+     uint32_t hash;
+ 
++    memset(&min_addr, 0, sizeof min_addr);
++    memset(&max_addr, 0, sizeof max_addr);
++    memset(&addr, 0, sizeof addr);
++
+     hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info);
+     min_addr = nat_info->min_addr;
+     max_addr = nat_info->max_addr;
+@@ -2572,7 +2584,9 @@ tuple_to_conn_key(const struct ct_dpif_tuple *tuple, uint16_t zone,
          key->src.icmp_type = tuple->icmp_type;
          key->src.icmp_code = tuple->icmp_code;
          key->dst.icmp_id = tuple->icmp_id;
@@ -339,7 +414,7 @@ index 013709bd62..3c652aeb70 100644
          key->dst.icmp_code = tuple->icmp_code;
      } else {
          key->src.port = tuple->src_port;
-@@ -2637,25 +2639,19 @@ conntrack_dump_start(struct conntrack *ct, struct conntrack_dump *dump,
+@@ -2637,25 +2651,19 @@ conntrack_dump_start(struct conntrack *ct, struct conntrack_dump *dump,
  
      dump->ct = ct;
      *ptot_bkts = 1; /* Need to clean up the callers. */
diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec
index 0aece7d..db34811 100644
--- a/SPECS/openvswitch3.3.spec
+++ b/SPECS/openvswitch3.3.spec
@@ -57,7 +57,7 @@ Summary: Open vSwitch
 Group: System Environment/Daemons daemon/database/utilities
 URL: http://www.openvswitch.org/
 Version: 3.3.0
-Release: 17%{?dist}
+Release: 18%{?dist}
 
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -767,6 +767,13 @@ exit 0
 %endif
 
 %changelog
+* Tue May 14 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-18
+- Merging upstream branch-3.3 [RH git: 2c450fb957]
+    Commit list:
+    bf1b16364b conntrack: Fully initialize conn struct before insertion.
+    cf461fe282 conntrack: Do not use {0} to initialize unions.
+
+
 * Tue May 07 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-17
 - Merging upstream branch-3.3 [RH git: a2b1d49351]
     Commit list: