{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32166", "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "datePublished": "2022-09-28T09:30:12.924276Z", "dateUpdated": "2024-09-16T22:02:36.612Z", "dateReserved": "2022-05-31T00:00:00"}, "containers": {"cna": {"title": "ovs - buffer over-read", "datePublic": "2022-06-01T00:00:00", "providerMetadata": {"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend", "dateUpdated": "2022-10-29T00:00:00"}, "descriptions": [{"lang": "en", "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."}], "affected": [{"vendor": "ovs", "product": "ovs", "versions": [{"version": "v0.90.0", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}, {"version": "unspecified", "lessThanOrEqual": "v2.5.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"}, {"url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"}, {"name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"}], "credits": [{"lang": "en", "value": "Mend Vulnerability Research Team (MVR)"}], "metrics": [{"other": {"type": "unknown", "content": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "version": 3.1, "baseScore": 8.8, "baseSeverity": "HIGH"}}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-125 Out-of-bounds Read", "cweId": "CWE-125"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://www.mend.io/vulnerability-database/", "discovery": "UNKNOWN"}, "solutions": [{"lang": "en", "value": "Update version to v2.5.1 or later"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:55.987Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mend.io/vulnerability-database/CVE-2022-32166", "tags": ["x_transferred"]}, {"url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA", "versionEndIncluding": "2.5.0", "versionStartIncluding": "0.90.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."}, {"lang": "es", "value": "ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparaci\u00f3n no segura de la funci\u00f3n \"minimasks\" podr\u00eda conllevar a un acceso a una regi\u00f3n de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecuci\u00f3n remota"}], "id": "CVE-2022-32166", "lastModified": "2023-11-07T03:47:44.110", "metrics": {}, "published": "2022-09-28T10:15:09.560", "references": [{"source": "vulnerabilitylab@mend.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Third Party Advisory"], "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "vulnerabilitylab@mend.io", "type": "Primary"}]}

{"bugzilla": {"description": "openvswitch: Heap buffer over-read in flow.c", "id": "2130577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130577"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-126", "details": ["In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.", "A flaw was found in OpenVSwitch. Versions 0.90.0 through 2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and remote execution."], "name": "CVE-2022-32166", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.10", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.15", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.16", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "openvswitch", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.13", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.15", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.16", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.17", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "openvswitch", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "rhosp-openvswitch", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "openvswitch2.10", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "openvswitch2.11", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "rhv-openvswitch", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32166\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32166"], "threat_severity": "Important", "upstream_fix": "openvswitch 2.5.0"}