In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html | Mailing List Third Party Advisory |
https://www.mend.io/vulnerability-database/CVE-2022-32166 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2022-06-01T00:00:00
Updated: 2022-10-29T00:00:00
Reserved: 2022-05-31T00:00:00
Link: CVE-2022-32166
JSON object: View
NVD Information
Status : Modified
Published: 2022-09-28T10:15:09.560
Modified: 2023-11-07T03:47:44.110
Link: CVE-2022-32166
JSON object: View
Redhat Information
No data.
CWE