CVE-2022-32166

{"id": "CVE-2022-32166", "metrics": {}, "published": "2022-09-28T10:15:09.560", "references": [{"url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73", "tags": ["Patch", "Third Party Advisory"], "source": "vulnerabilitylab@mend.io"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "vulnerabilitylab@mend.io"}, {"url": "https://www.mend.io/vulnerability-database/CVE-2022-32166", "tags": ["Third Party Advisory"], "source": "vulnerabilitylab@mend.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "vulnerabilitylab@mend.io", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."}, {"lang": "es", "value": "ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparaci\u00f3n no segura de la funci\u00f3n \"minimasks\" podr\u00eda conllevar a un acceso a una regi\u00f3n de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecuci\u00f3n remota"}], "lastModified": "2023-11-07T03:47:44.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA", "versionEndIncluding": "2.5.0", "versionStartIncluding": "0.90.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerabilitylab@mend.io"}