CVE Vulnerability

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 Patch Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32166 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Information

Published : 2022-09-28 10:15

Updated : 2022-11-04 07:17

NVD link : CVE-2022-32166

Mitre link : CVE-2022-32166

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read