QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32166

Published: Sep 28, 2022

Modified: May 21, 2025

PUBLISHED

Description

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Vendor	Product	Versions
ovs	ovs	affected `v0.90.0 - < unspecified` affected `unspecified - <= v2.5.0`

Weaknesses (CWE)

References

https://www.mend.io/vulnerability-database/CVE-2022-32166

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

[debian-lts-announce] 20221029 [SECURITY] [DLA 3168-1] openvswitch security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.