CVE-2022-32166

Date: September 28, 2022

Overview

ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c.

Details

ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c.
An unsafe comparison in the “minimasks” function could lead to access to an unmapped region of memory.
This vulnerability can crash the software, modify memory, and possibly allow remote execution.
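
The class of comparison bug described above, shown as an added example that is not code from ovs or from this advisory. It assumes the masks are variable-length, bitmap-indexed structures; the names compact_mask, n_values, mask_new, mask_equal_unsafe and mask_equal_safe are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical compact mask (not the ovs definition): one word in `values`
 * per set bit of `map`, so the allocation size differs between objects. */
struct compact_mask {
    uint64_t map;
    uint32_t values[];
};

static size_t n_values(uint64_t map)
{
    size_t n = 0;
    for (; map; map &= map - 1) n++;   /* one iteration per set bit */
    return n;
}

struct compact_mask *mask_new(uint64_t map, const uint32_t *vals)
{
    size_t n = n_values(map);
    struct compact_mask *m = malloc(sizeof *m + n * sizeof *vals);
    if (m) { m->map = map; memcpy(m->values, vals, n * sizeof *vals); }
    return m;
}

/* Unsafe: the length is derived from `a` only. When `b` holds fewer values
 * the request runs past b's allocation; memcmp is not required to stop at
 * the first differing byte, so this is a heap over-read (CWE-125). */
bool mask_equal_unsafe(const struct compact_mask *a, const struct compact_mask *b)
{
    return !memcmp(a, b, sizeof *a + n_values(a->map) * sizeof a->values[0]);
}

/* Hardened: equal bitmaps imply equal value counts, so the arrays are only
 * read once both are known to have the same length. */
bool mask_equal_safe(const struct compact_mask *a, const struct compact_mask *b)
{
    return a->map == b->map
        && !memcmp(a->values, b->values, n_values(a->map) * sizeof a->values[0]);
}

int main(void)
{
    const uint32_t v[] = { 0xffffffffu, 0xffff0000u, 0xffu };  /* constructed */
    struct compact_mask *a = mask_new(0x7, v), *b = mask_new(0x1, v);
    int ok = a && b && !mask_equal_safe(a, b);  /* shapes differ: not equal */
    free(a); free(b);
    return ok ? 0 : 1;
}
```

Building the unsafe variant with -fsanitize=address and calling it on masks of different shapes reports the over-read; the hardened variant never issues the oversized read.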

Affected Environments

Ovs versions v0.90.0 through v2.5.0

Prevention

Upgrade to ovs version v2.5.1

Language: C

Good to know:

Out-of-bounds Read

CWE-125

Upgrade Version

Upgrade to version v2.5.1

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High