| Vulnerability Name: | CVE-2022-32166 (CCN-237562) |
| Assigned: | 2022-05-31 |
| Published: | 2022-05-31 |
| Updated: | 2022-11-04 |
| Summary: | ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of “minimasks” could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. |
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) |
| | 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| | 7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) |
| Vulnerability Type: | CWE-125 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE; Type: CNA; CVE-2022-32166 |
| | Source: XF; Type: UNKNOWN; ovs-cve202232166-bo(237562) |
| | Source: CCN; Type: ovs GIT Repository; flow: Avoid unsafe comparison of minimasks. |
| | Source: MISC; Type: Patch, Third Party Advisory; https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 |
| | Source: MLIST; Type: Mailing List, Third Party Advisory; [debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update |
| | Source: CCN; Type: Mend Vulnerability Database; CVE-2022-32166 |
| | Source: MISC; Type: Third Party Advisory; https://www.mend.io/vulnerability-database/CVE-2022-32166 |
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable |