DEBIAN-CVE-2022-32166

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-32166

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-32166.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-32166

Upstream

CVE-2022-32166

Published

2022-09-28T10:15:09Z

Modified

2025-09-19T06:04:46Z

Summary

[none]

Details

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

References

https://security-tracker.debian.org/tracker/CVE-2022-32166

Affected packages

Debian:11 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / openvswitch

Package

Name: openvswitch
Purl: pkg:deb/debian/openvswitch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}