CVE-2022-32166

Опубликовано: 28 сент. 2022

Источник: redhat

CVSS3: 8.6

EPSS Низкий

Описание

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

A flaw was found in OpenVSwitch. Versions 0.90.0 through 2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and remote execution.

Затронутые пакеты

Платформа	Пакет	Состояние
Fast Datapath for RHEL 7	openvswitch	Not affected
Fast Datapath for RHEL 7	openvswitch2.10	Not affected
Fast Datapath for RHEL 7	openvswitch2.11	Not affected
Fast Datapath for RHEL 7	openvswitch2.12	Not affected
Fast Datapath for RHEL 7	openvswitch2.13	Not affected
Fast Datapath for RHEL 8	openvswitch2.11	Not affected
Fast Datapath for RHEL 8	openvswitch2.12	Not affected
Fast Datapath for RHEL 8	openvswitch2.13	Not affected
Fast Datapath for RHEL 8	openvswitch2.15	Not affected
Fast Datapath for RHEL 8	openvswitch2.16	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-126

https://bugzilla.redhat.com/show_bug.cgi?id=2130577openvswitch: Heap buffer over-read in flow.c

EPSS

Процентиль: 68%

0.00584

Низкий

8.6 High

CVSS3

Связанные уязвимости

CVE-2022-32166

CVSS3: 6.1

ubuntu

больше 3 лет назад

CVE-2022-32166

CVSS3: 6.1

nvd

больше 3 лет назад

CVE-2022-32166

CVSS3: 6.1

debian

больше 3 лет назад

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...

SUSE-SU-2022:4050-1

suse-cvrf

около 3 лет назад

Security update for openvswitch

GHSA-3q99-mmr6-6chg

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 68%

0.00584

Низкий

8.6 High

CVSS3