In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html | Mailing List Third Party Advisory |
https://www.mend.io/vulnerability-database/CVE-2022-32166 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
04 Nov 2022, 19:17
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
First Time |
Debian debian Linux
Debian |
29 Oct 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Sep 2022, 16:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:* | |
First Time |
Cloudbase
Cloudbase open Vswitch |
|
References | (MISC) https://www.mend.io/vulnerability-database/CVE-2022-32166 - Third Party Advisory | |
References | (MISC) https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 - Patch, Third Party Advisory |
28 Sep 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-28 10:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-32166
Mitre link : CVE-2022-32166
CVE.ORG link : CVE-2022-32166
JSON object : View
Products Affected
cloudbase
- open_vswitch
debian
- debian_linux
CWE
CWE-125
Out-of-bounds Read