Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Published

2022-09-28T10:15:09.560

Last Modified

2025-05-21T15:15:56.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cloudbase	open_vswitch	≤ 2.5.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html Mailing List, Third Party Advisory ([email protected])
https://www.mend.io/vulnerability-database/CVE-2022-32166 Third Party Advisory ([email protected])
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mend.io/vulnerability-database/CVE-2022-32166 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)