var-202209-1889
Vulnerability from variot
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. cloudbase of open vswitch Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================= Ubuntu Security Notice USN-5698-2 October 25, 2022
openvswitch vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Open vSwitch could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - openvswitch: Ethernet virtual switch
Details:
USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5698-2 https://ubuntu.com/security/notices/USN-5698-1 CVE-2022-32166
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "open vswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "cloudbase",
"version": "2.5.0"
},
{
"model": "open vswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "cloudbase",
"version": "0.90.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "open vswitch",
"scope": null,
"trust": 0.8,
"vendor": "cloudbase",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.0",
"versionStartIncluding": "0.90.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
}
],
"trust": 0.2
},
"cve": "CVE-2022-32166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-017950",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "OTHER",
"id": "JVNDB-2022-017950",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2841",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. cloudbase of open vswitch Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. =========================================================================\nUbuntu Security Notice USN-5698-2\nOctober 25, 2022\n\nopenvswitch vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nOpen vSwitch could be made to crash or run programs if it received\nspecially crafted network traffic. \n\nSoftware Description:\n- openvswitch: Ethernet virtual switch\n\nDetails:\n\nUSN-5698-1 fixed a vulnerability in Open. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Open vSwitch incorrectly handled comparison of\n certain minimasks. A remote attacker could use this issue to cause Open\n vSwitch to crash, resulting in a denial of service, or possibly execute\n arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5698-2\n https://ubuntu.com/security/notices/USN-5698-1\n CVE-2022-32166\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "VULHUB",
"id": "VHN-424064"
},
{
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32166",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "169511",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.2040",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5367",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2982",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6018",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5452",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169509",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424064",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32166",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424064"
},
{
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
},
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"id": "VAR-202209-1889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424064"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T19:35:45.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Open vSwitch Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209305"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32166"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424064"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
},
{
"trust": 2.6,
"url": "https://www.mend.io/vulnerability-database/cve-2022-32166"
},
{
"trust": 2.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32166"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-32166"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2040"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32166/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169511/ubuntu-security-notice-usn-5698-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5452"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5367"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/open-vswitch-buffer-overflow-via-minimasks-39722"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6018"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2982"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5698-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5698-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openvswitch/2.9.8-0ubuntu0.18.04.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424064"
},
{
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
},
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424064"
},
{
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
},
{
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-424064"
},
{
"date": "2022-09-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"date": "2023-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"date": "2022-10-26T12:51:17",
"db": "PACKETSTORM",
"id": "169511"
},
{
"date": "2022-10-26T12:50:35",
"db": "PACKETSTORM",
"id": "169509"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2841"
},
{
"date": "2022-09-28T10:15:09.560000",
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-424064"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32166"
},
{
"date": "2023-10-17T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-017950"
},
{
"date": "2023-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2841"
},
{
"date": "2023-11-07T03:47:44.110000",
"db": "NVD",
"id": "CVE-2022-32166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169511"
},
{
"db": "PACKETSTORM",
"id": "169509"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cloudbase\u00a0 of \u00a0open\u00a0vswitch\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017950"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2841"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.