CVE-2022-32166

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-32166
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32166.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-32166
Downstream
Related
Published
2022-09-28T10:15:09.560Z
Modified
2026-03-01T08:09:38.856847Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
[none]
Details

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

References

Affected packages

Git / github.com/openvswitch/ovs

Affected ranges

Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Introduced
064af42167bf4fc9aaea2702d80ce08074b889c0
Last affected
22d4614ddf83988a3771fb379ea029e663b4455a

Affected versions

v0.*
v0.90.0
v0.90.1
v0.90.2
v0.90.3
v0.90.4
v0.90.6
v0.90.7
v0.99.0
v0.99.1
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2
v2.*
v2.5.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32166.json"