CVE-2022-32166

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-32166
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32166.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-32166
Downstream
Related
Published
2022-09-28T10:15:09Z
Modified
2025-09-19T13:58:42.148675Z
Summary
[none]
Details

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

References

Affected packages

Git / github.com/cloudbase/ovs

Affected ranges

Type
GIT
Repo
https://github.com/cloudbase/ovs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2ed6505555cdcb46f9b1f0329d1491b75290fc73
Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Introduced
064af42167bf4fc9aaea2702d80ce08074b889c0
Last affected
22d4614ddf83988a3771fb379ea029e663b4455a

Affected versions

v0.*

v0.90.0
v0.90.1
v0.90.2
v0.90.3
v0.90.4
v0.90.6
v0.90.7
v0.99.0
v0.99.1
v0.99.2

v1.*

v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2

v2.*

v2.5.0

Database specific 

{
    "vanir_signatures": [
        {
            "source": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
            "target": {
                "file": "lib/flow.c",
                "function": "minimask_equal"
            },
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "length": 164.0,
                "function_hash": "208215384234482172340336223139379563494"
            },
            "signature_type": "Function",
            "id": "CVE-2022-32166-4d723460"
        },
        {
            "source": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
            "target": {
                "file": "lib/flow.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "41358173139995879416545344666372893953",
                    "322584161329975065975638219048573548520",
                    "268704611598834092544834149148232855461",
                    "308131195466907709094624850125095216989",
                    "148012374010338462517758330580087247405",
                    "4946619544234895480100840852610817772"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2022-32166-f1ea317a"
        }
    ]
}