CVE-2022-32166

medium

Description

ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe “minimasks” comparison function could lead to access to an unmapped region of memory. This vulnerability can result in a software crash, memory modification, and possibly remote execution.

References

https://www.mend.io/vulnerability-database/CVE-2022-32166

https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

Details

Source: Mitre, NVD

Published: 2022-09-28

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Severity: Medium