cve-2022-32166

Vulnerability from cvelistv5

Published

2022-09-28 09:30

Modified

2024-09-16 22:02

Severity ?

Summary

References

URL	Tags
vulnerabilitylab@mend.io	https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73	Patch, Third Party Advisory
vulnerabilitylab@mend.io	https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html	Mailing List, Third Party Advisory
vulnerabilitylab@mend.io	https://www.mend.io/vulnerability-database/CVE-2022-32166	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mend.io/vulnerability-database/CVE-2022-32166	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

ovs

Version: v0.90.0 < unspecified
Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
          },
          {
            "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ovs",
          "vendor": "ovs",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "v0.90.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v2.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mend Vulnerability Research Team (MVR)"
        }
      ],
      "datePublic": "2022-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": 3.1
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-29T00:00:00",
        "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "shortName": "Mend"
      },
      "references": [
        {
          "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
        },
        {
          "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
        },
        {
          "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update version to v2.5.1 or later"
        }
      ],
      "source": {
        "advisory": "https://www.mend.io/vulnerability-database/",
        "discovery": "UNKNOWN"
      },
      "title": "ovs - buffer over-read",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
    "assignerShortName": "Mend",
    "cveId": "CVE-2022-32166",
    "datePublished": "2022-09-28T09:30:12.924276Z",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-09-16T22:02:36.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.90.0\", \"versionEndIncluding\": \"2.5.0\", \"matchCriteriaId\": \"8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \\u201cminimasks\\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.\"}, {\"lang\": \"es\", \"value\": \"ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparaci\\u00f3n no segura de la funci\\u00f3n \\\"minimasks\\\" podr\\u00eda conllevar a un acceso a una regi\\u00f3n de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecuci\\u00f3n remota\"}]",
      "id": "CVE-2022-32166",
      "lastModified": "2024-11-21T07:05:51.930",
      "published": "2022-09-28T10:15:09.560",
      "references": "[{\"url\": \"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73\", \"source\": \"vulnerabilitylab@mend.io\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html\", \"source\": \"vulnerabilitylab@mend.io\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mend.io/vulnerability-database/CVE-2022-32166\", \"source\": \"vulnerabilitylab@mend.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mend.io/vulnerability-database/CVE-2022-32166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "vulnerabilitylab@mend.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"vulnerabilitylab@mend.io\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32166\",\"sourceIdentifier\":\"vulnerabilitylab@mend.io\",\"published\":\"2022-09-28T10:15:09.560\",\"lastModified\":\"2024-11-21T07:05:51.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.\"},{\"lang\":\"es\",\"value\":\"ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparaci\u00f3n no segura de la funci\u00f3n \\\"minimasks\\\" podr\u00eda conllevar a un acceso a una regi\u00f3n de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecuci\u00f3n remota\"}],\"metrics\":{},\"weaknesses\":[{\"source\":\"vulnerabilitylab@mend.io\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.90.0\",\"versionEndIncluding\":\"2.5.0\",\"matchCriteriaId\":\"8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73\",\"source\":\"vulnerabilitylab@mend.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html\",\"source\":\"vulnerabilitylab@mend.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mend.io/vulnerability-database/CVE-2022-32166\",\"source\":\"vulnerabilitylab@mend.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mend.io/vulnerability-database/CVE-2022-32166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2022-32166

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-32166

Aliases

CVE-2022-32166

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32166",
    "description": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
    "id": "GSD-2022-32166",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-32166.html",
      "https://ubuntu.com/security/CVE-2022-32166"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32166"
      ],
      "details": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
      "id": "GSD-2022-32166",
      "modified": "2023-12-13T01:19:12.678122Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
        "DATE_PUBLIC": "Jun 1, 2022, 4:32:50 AM",
        "ID": "CVE-2022-32166",
        "STATE": "PUBLIC",
        "TITLE": "ovs - buffer over-read"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ovs",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "v0.90.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "v2.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ovs"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Mend Vulnerability Research Team (MVR)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": 3.1
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125 Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mend.io/vulnerability-database/CVE-2022-32166",
            "refsource": "MISC",
            "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
          },
          {
            "name": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
            "refsource": "MISC",
            "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
          },
          {
            "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update version to v2.5.1 or later"
        }
      ],
      "source": {
        "advisory": "https://www.mend.io/vulnerability-database/",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0",
                "versionStartIncluding": "0.90.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilitylab@mend.io",
          "ID": "CVE-2022-32166"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
            },
            {
              "name": "https://www.mend.io/vulnerability-database/CVE-2022-32166",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
            },
            {
              "name": "[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-04T19:17Z",
      "publishedDate": "2022-09-28T10:15Z"
    }
  }
}

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. cloudbase of open vswitch Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================= Ubuntu Security Notice USN-5698-2 October 25, 2022

openvswitch vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM

Summary:

Open vSwitch could be made to crash or run programs if it received specially crafted network traffic.

Software Description: - openvswitch: Ethernet virtual switch

Details:

USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-5698-2 https://ubuntu.com/security/notices/USN-5698-1 CVE-2022-32166

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1889",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "open vswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cloudbase",
        "version": "2.5.0"
      },
      {
        "model": "open vswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cloudbase",
        "version": "0.90.0"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "open vswitch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cloudbase",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0",
                "versionStartIncluding": "0.90.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2022-32166",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-017950",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "OTHER",
            "id": "JVNDB-2022-017950",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-2841",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. cloudbase of open vswitch Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. =========================================================================\nUbuntu Security Notice USN-5698-2\nOctober 25, 2022\n\nopenvswitch vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nOpen vSwitch could be made to crash or run programs if it received\nspecially crafted network traffic. \n\nSoftware Description:\n- openvswitch: Ethernet virtual switch\n\nDetails:\n\nUSN-5698-1 fixed a vulnerability in Open. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Open vSwitch incorrectly handled comparison of\n certain minimasks. A remote attacker could use this issue to cause Open\n vSwitch to crash, resulting in a denial of service, or possibly execute\n arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  openvswitch-common              2.5.9-0ubuntu0.16.04.3+esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-5698-2\n  https://ubuntu.com/security/notices/USN-5698-1\n  CVE-2022-32166\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32166",
        "trust": 3.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169511",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2040",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5367",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2982",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6018",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5452",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169509",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-424064",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32166",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "id": "VAR-202209-1889",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T19:35:45.159000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Open vSwitch Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209305"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32166"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
      },
      {
        "trust": 2.6,
        "url": "https://www.mend.io/vulnerability-database/cve-2022-32166"
      },
      {
        "trust": 2.6,
        "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32166"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2022-32166"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2040"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32166/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169511/ubuntu-security-notice-usn-5698-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5452"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5367"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/open-vswitch-buffer-overflow-via-minimasks-39722"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6018"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2982"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5698-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5698-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openvswitch/2.9.8-0ubuntu0.18.04.3"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "date": "2022-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "date": "2023-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "date": "2022-10-26T12:51:17",
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "date": "2022-10-26T12:50:35",
        "db": "PACKETSTORM",
        "id": "169509"
      },
      {
        "date": "2022-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      },
      {
        "date": "2022-09-28T10:15:09.560000",
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424064"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32166"
      },
      {
        "date": "2023-10-17T08:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      },
      {
        "date": "2023-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      },
      {
        "date": "2023-11-07T03:47:44.110000",
        "db": "NVD",
        "id": "CVE-2022-32166"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169511"
      },
      {
        "db": "PACKETSTORM",
        "id": "169509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cloudbase\u00a0 of \u00a0open\u00a0vswitch\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017950"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2841"
      }
    ],
    "trust": 0.6
  }
}

ghsa-3q99-mmr6-6chg

Vulnerability from github

Published

2022-09-29 00:00

Modified

2022-10-29 19:00

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-28T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
  "id": "GHSA-3q99-mmr6-6chg",
  "modified": "2022-10-29T19:00:27Z",
  "published": "2022-09-29T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32166"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-32166

Vulnerability from fkie_nvd

Published

2022-09-28 10:15

Modified

2024-11-21 07:05

Severity ?

Summary

References

URL	Tags
vulnerabilitylab@mend.io	https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73	Patch, Third Party Advisory
vulnerabilitylab@mend.io	https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html	Mailing List, Third Party Advisory
vulnerabilitylab@mend.io	https://www.mend.io/vulnerability-database/CVE-2022-32166	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mend.io/vulnerability-database/CVE-2022-32166	Third Party Advisory

Impacted products

	Vendor	Product	Version
	cloudbase	open_vswitch	*
	debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA",
              "versionEndIncluding": "2.5.0",
              "versionStartIncluding": "0.90.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
    },
    {
      "lang": "es",
      "value": "ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparaci\u00f3n no segura de la funci\u00f3n \"minimasks\" podr\u00eda conllevar a un acceso a una regi\u00f3n de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecuci\u00f3n remota"
    }
  ],
  "id": "CVE-2022-32166",
  "lastModified": "2024-11-21T07:05:51.930",
  "metrics": {},
  "published": "2022-09-28T10:15:09.560",
  "references": [
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
    },
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
    },
    {
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
    }
  ],
  "sourceIdentifier": "vulnerabilitylab@mend.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "vulnerabilitylab@mend.io",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2022-32166

Vulnerability from cvelistv5

gsd-2022-32166

Vulnerability from gsd

var-202209-1889

Vulnerability from variot

openvswitch vulnerability

ghsa-3q99-mmr6-6chg

Vulnerability from github

cve-2022-32166

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature