CVE-2022-32166
Summary
| CVE | CVE-2022-32166 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-28 10:15:00 UTC |
| Updated | 2023-11-07 03:47:00 UTC |
| Description | ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudbase | Open Vswitch | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 3168-1] openvswitch security update | MLIST | lists.debian.org | |
| flow: Avoid unsafe comparison of minimasks. · cloudbase/ovs@2ed6505 · GitHub | MISC | github.com | |
| CVE-2022-32166 | Mend Vulnerability Database | MISC | www.mend.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Mend Vulnerability Research Team (MVR)
Legacy QID Mappings
- 181116 Debian Security Update for openvswitch (CVE-2022-32166)
- 181567 Debian Security Update for openvswitch (DLA 3168-1)
- 199005 Ubuntu Security Notification for Open vSwitch Vulnerability (USN-5698-1)
- 752933 SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2022:4050-1)
- 754067 SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2360-1)