ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison in the “minimasks” function could lead to access to an unmapped region of memory. This vulnerability can result in a software crash, memory modification, and possibly remote execution.
References
Link | Resource |
---|---|
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 | Patch, Third Party Advisory |
https://www.mend.io/vulnerability-database/CVE-2022-32166 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html | Mailing List, Third Party Advisory |
Information
Published : 2022-09-28 03:15
Updated : 2022-11-04 12:17
NVD link : CVE-2022-32166
Mitre link : CVE-2022-32166
CWE
CWE-125
Out-of-bounds Read
Products Affected
debian
- debian_linux
cloudbase
- open_vswitch