← back
CVE-2022-32166

ovs - buffer over-read

CVSS 6.1 MEDIUMEPSS 0.5%CWE-125
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected products
ovs · ovs