CVE-2022-32166
ovs - buffer over-read
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected products
ovs · ovs