CVE-2022-32166

Sažetak

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Reference

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
https://www.mend.io/vulnerability-database/CVE-2022-32166
https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
https://www.mend.io/vulnerability-database/CVE-2022-32166

CVSS

Base:	6.1
Impact:	4.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Zadnje važnije ažuriranje

21-05-2025 - 15:15

Objavljeno

28-09-2022 - 10:15