Sign-up

ID

VAR-202209-1889


CVE

CVE-2022-32166


TITLE

cloudbase  of  open vswitch  Out-of-Bounds Read Vulnerability in Other Vendors' Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017950

DESCRIPTION

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. cloudbase of open vswitch Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================= Ubuntu Security Notice USN-5698-2 October 25, 2022 openvswitch vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Open vSwitch could be made to crash or run programs if it received specially crafted network traffic. Software Description: - openvswitch: Ethernet virtual switch Details: USN-5698-1 fixed a vulnerability in Open. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: openvswitch-common 2.5.9-0ubuntu0.16.04.3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5698-2 https://ubuntu.com/security/notices/USN-5698-1 CVE-2022-32166

Trust: 1.98

sources: NVD: CVE-2022-32166 // JVNDB: JVNDB-2022-017950 // VULHUB: VHN-424064 // VULMON: CVE-2022-32166 // PACKETSTORM: 169511 // PACKETSTORM: 169509

AFFECTED PRODUCTS

vendor:cloudbasemodel:open vswitchscope:lteversion:2.5.0

Trust: 1.0

vendor:cloudbasemodel:open vswitchscope:gteversion:0.90.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:cloudbasemodel:open vswitchscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-017950 // NVD: CVE-2022-32166

CVSS

SEVERITY

CVSSV2

CVSSV3

OTHER: JVNDB-2022-017950
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-2841
value: HIGH

Trust: 0.6

OTHER: JVNDB-2022-017950
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017950 // CNNVD: CNNVD-202209-2841

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [ others ]

Trust: 0.8

sources: VULHUB: VHN-424064 // JVNDB: JVNDB-2022-017950 // NVD: CVE-2022-32166

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 169511 // PACKETSTORM: 169509 // CNNVD: CNNVD-202209-2841

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2841

PATCH

title:Open vSwitch Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209305

Trust: 0.6

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-32166

Trust: 0.1

sources: VULMON: CVE-2022-32166 // CNNVD: CNNVD-202209-2841

EXTERNAL IDS

db:NVDid:CVE-2022-32166

Trust: 3.6

db:PACKETSTORMid:169511

Trust: 0.8

db:JVNDBid:JVNDB-2022-017950

Trust: 0.8

db:AUSCERTid:ESB-2023.2040

Trust: 0.6

db:AUSCERTid:ESB-2022.5367

Trust: 0.6

db:AUSCERTid:ESB-2023.2982

Trust: 0.6

db:AUSCERTid:ESB-2022.6018

Trust: 0.6

db:AUSCERTid:ESB-2022.5452

Trust: 0.6

db:CNNVDid:CNNVD-202209-2841

Trust: 0.6

db:PACKETSTORMid:169509

Trust: 0.2

db:VULHUBid:VHN-424064

Trust: 0.1

db:VULMONid:CVE-2022-32166

Trust: 0.1

sources: VULHUB: VHN-424064 // VULMON: CVE-2022-32166 // JVNDB: JVNDB-2022-017950 // PACKETSTORM: 169511 // PACKETSTORM: 169509 // CNNVD: CNNVD-202209-2841 // NVD: CVE-2022-32166

REFERENCES

url:https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73

Trust: 2.6

url:https://www.mend.io/vulnerability-database/cve-2022-32166

Trust: 2.6

url:https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-32166

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2022-32166

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2023.2040

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32166/

Trust: 0.6

url:https://packetstormsecurity.com/files/169511/ubuntu-security-notice-usn-5698-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5452

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5367

Trust: 0.6

url:https://vigilance.fr/vulnerability/open-vswitch-buffer-overflow-via-minimasks-39722

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6018

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2982

Trust: 0.6

url:https://ubuntu.com/security/notices/usn-5698-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5698-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvswitch/2.9.8-0ubuntu0.18.04.3

Trust: 0.1

sources: VULHUB: VHN-424064 // VULMON: CVE-2022-32166 // JVNDB: JVNDB-2022-017950 // PACKETSTORM: 169511 // PACKETSTORM: 169509 // CNNVD: CNNVD-202209-2841 // NVD: CVE-2022-32166

CREDITS

Ubuntu

Trust: 0.2

sources: PACKETSTORM: 169511 // PACKETSTORM: 169509

SOURCES

db:VULHUBid:VHN-424064
db:VULMONid:CVE-2022-32166
db:JVNDBid:JVNDB-2022-017950
db:PACKETSTORMid:169511
db:PACKETSTORMid:169509
db:CNNVDid:CNNVD-202209-2841
db:NVDid:CVE-2022-32166

LAST UPDATE DATE

2024-08-14T13:16:53.729000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424064date:2022-11-04T00:00:00
db:VULMONid:CVE-2022-32166date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-017950date:2023-10-17T08:05:00
db:CNNVDid:CNNVD-202209-2841date:2023-05-23T00:00:00
db:NVDid:CVE-2022-32166date:2023-11-07T03:47:44.110

SOURCES RELEASE DATE

db:VULHUBid:VHN-424064date:2022-09-28T00:00:00
db:VULMONid:CVE-2022-32166date:2022-09-28T00:00:00
db:JVNDBid:JVNDB-2022-017950date:2023-10-17T00:00:00
db:PACKETSTORMid:169511date:2022-10-26T12:51:17
db:PACKETSTORMid:169509date:2022-10-26T12:50:35
db:CNNVDid:CNNVD-202209-2841date:2022-09-28T00:00:00
db:NVDid:CVE-2022-32166date:2022-09-28T10:15:09.560