{"api_version":"1","generated_at":"2026-04-23T06:19:44+00:00","cve":"CVE-2022-32166","urls":{"html":"https://cve.report/CVE-2022-32166","api":"https://cve.report/api/cve/CVE-2022-32166.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-32166","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-32166"},"summary":{"title":"CVE-2022-32166","description":"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.","state":"PUBLIC","assigner":"vulnerabilitylab@whitesourcesoftware.com","published_at":"2022-09-28 10:15:00","updated_at":"2023-11-07 03:47:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html","name":"[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3168-1] openvswitch security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","name":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","refsource":"MISC","tags":[],"title":"flow: Avoid unsafe comparison of minimasks. 
· cloudbase/ovs@2ed6505 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-32166","name":"https://www.mend.io/vulnerability-database/CVE-2022-32166","refsource":"MISC","tags":[],"title":"CVE-2022-32166 | Mend Vulnerability Database","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-32166","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32166","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Mend Vulnerability Research Team (MVR)","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"32166","vulnerable":"1","versionEndIncluding":"2.5.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudbase","cpe5":"open_vswitch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"32166","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-32166","qid":"181116","title":"Debian Security Update for openvswitch (CVE-2022-32166)"},{"cve":"CVE-2022-32166","qid":"181567","title":"Debian Security Update for openvswitch (DLA 3168-1)"},{"cve":"CVE-2022-32166","qid":"199005","title":"Ubuntu Security Notification for Open vSwitch Vulnerability (USN-5698-1)"},{"cve":"CVE-2022-32166","qid":"752933","title":"SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2022:4050-1)"},{"cve":"CVE-2022-32166","qid":"754067","title":"SUSE Enterprise Linux Security Update for openvswitch 
(SUSE-SU-2023:2360-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"vulnerabilitylab@whitesourcesoftware.com","ID":"CVE-2022-32166","STATE":"PUBLIC","DATE_PUBLIC":"Jun 1, 2022, 4:32:50 AM","TITLE":"ovs - buffer over-read"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"ovs","product":{"product_data":[{"product_name":"ovs","version":{"version_data":[{"version_value":"v0.90.0","version_affected":">="},{"version_value":"v2.5.0","version_affected":"<="}]}}]}}]}},"credit":[{"lang":"eng","value":"Mend Vulnerability Research Team (MVR)"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","version":3.1,"baseScore":8.8,"baseSeverity":"HIGH"}},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.mend.io/vulnerability-database/CVE-2022-32166","name":"https://www.mend.io/vulnerability-database/CVE-2022-32166"},{"refsource":"MISC","url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","name":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security 
update","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125 Out-of-bounds Read"}]}]},"solution":[{"lang":"eng","value":"Update version to v2.5.1 or later"}],"source":{"advisory":"https://www.mend.io/vulnerability-database/","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-09-28 10:15:00","lastModifiedDate":"2023-11-07 03:47:00","problem_types":["CWE-125"],"metrics":[],"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"0.90.0","versionEndIncluding":"2.5.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}