What is CVE-2022-32166?

CVE-2022-32166 is a medium-severity vulnerability in Cloudbase Open_vswitch, classified under Out-of-bounds Read. CVSS score: 6.1/10. Published 2022-09-28.

How severe is CVE-2022-32166?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Out-of-bounds Read in Cloudbase Open_vswitch

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the softwar…

Vulnerability class: Buffer Overflow

EPSS: 0.005 (40.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H.

Affected products

Cloudbase Open_vswitch
Ovs — versions v0.90.0, unspecified
Debian Debian_linux — versions 10.0

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

vulnerabilitylab@mend.io (Third Party Advisory)
vulnerabilitylab@mend.io (Patch, Third Party Advisory)
vulnerabilitylab@mend.io (mailing-list, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2022-32166?: CVE-2022-32166 is a medium-severity vulnerability in Cloudbase Open_vswitch, classified under Out-of-bounds Read. CVSS score: 6.1/10. Published 2022-09-28.
How severe is CVE-2022-32166?: Medium severity. CVSS v3 base score is 6.1 out of 10.