Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-32166

Date: September 28, 2022

Overview

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c

Details

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c.
An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory.
This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Affected Environments

Ovs versions v0.90.0 through v2.5.0

Prevention

Upgrade to ovs version v2.5.1

Language: C

Good to know:

icon

Out-of-bounds Read

CWE-125
icon

Upgrade Version

Upgrade to version v2.5.1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Related Resources (6)

https://www.mend.io/vulnerability-database/CVE-2022-32166
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
https://nvd.nist.gov/vuln/detail/CVE-2022-32166
https://access.redhat.com/security/cve/CVE-2022-32166
https://www.mend.io/vulnerability-database/CVE-2022-32166