Skip to main content

Open Vswitch CVE-2022-32166

MEDIUM
Out-of-bounds Read (CWE-125)
2022-09-28 vulnerabilitylab@mend.io
6.1
CVSS 3.1 · Vendor: mend
Share

Severity by source

Vendor (mend) PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Primary rating from Vendor (mend) · only source for this CVE.

CVSS VectorVendor: mend

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 28, 2022 - 10:15 cve.org
MEDIUM 6.1

DescriptionCVE.org

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

AnalysisAI

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. Affected products include: Cloudbase Open Vswitch, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

Share

CVE-2022-32166 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy