CVE-2022-32166

Source
https://cve.org/CVERecord?id=CVE-2022-32166
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32166.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-32166
Downstream
Related
Published
2022-09-28T09:30:12.924Z
Modified
2026-07-08T23:34:33.094492Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
ovs - buffer over-read
Details

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/32xxx/CVE-2022-32166.json",
    "cna_assigner": "Mend",
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/cloudbase/ovs

Affected ranges

Type
GIT
Repo
https://github.com/cloudbase/ovs
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.90.0"
        },
        {
            "last_affected": "2.5.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.90.0"
        },
        {
            "last_affected": "2.5.0"
        }
    ]
}

Affected versions

v0.*
v0.90.0
v0.90.4
v0.99.0
v0.99.1
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2
v2.*
v2.5.0

Database specific

vanir_signatures_modified
"2026-07-08T23:34:33Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32166.json"
vanir_signatures
[
    {
        "id": "CVE-2022-32166-4d723460",
        "digest": {
            "function_hash": "208215384234482172340336223139379563494",
            "length": 164.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
        "deprecated": false,
        "target": {
            "function": "minimask_equal",
            "file": "lib/flow.c"
        }
    },
    {
        "id": "CVE-2022-32166-f1ea317a",
        "digest": {
            "line_hashes": [
                "41358173139995879416545344666372893953",
                "322584161329975065975638219048573548520",
                "268704611598834092544834149148232855461",
                "308131195466907709094624850125095216989",
                "148012374010338462517758330580087247405",
                "4946619544234895480100840852610817772"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
        "deprecated": false,
        "target": {
            "file": "lib/flow.c"
        }
    }
]