Vulnerability Description
ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison in the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability can crash the software, modify memory, and possibly allow remote execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudbase | Open Vswitch | >= 0.90.0, <= 2.5.0 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html (Mailing List, Third Party Advisory)
- https://www.mend.io/vulnerability-database/CVE-2022-32166 (Third Party Advisory)
FAQ
What is CVE-2022-32166?
CVE-2022-32166 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison in the “minimasks” function could lead to access to an unmapped region of memory. This vulnerabi...
How severe is CVE-2022-32166?
CVE-2022-32166 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-32166?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudbase Open Vswitch, Debian Debian Linux.