{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T07:06:45.318","vulnerabilities":[{"cve":{"id":"CVE-2022-32166","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-09-28T10:15:09.560","lastModified":"2025-05-21T15:15:56.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."},{"lang":"es","value":"ovs versiones v0.90.0 hasta v2.5.0, son vulnerables a una lectura excesiva del buffer de la pila en el archivo flow.c. Una comparación no segura de la función \"minimasks\" podría conllevar a un acceso a una región de memoria no mapeada. Esta vulnerabilidad es capaz de bloquear el software, modificar la memoria y una posible ejecución remota"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"0.90.0","versionEndIncluding":"2.5.0","matchCriteriaId":"8AEEEAC8-0D7E-4656-90B4-22D040FEA4BA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html","source":"vulnerabilitylab@mend.io","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-32166","source":"vulnerabilitylab@mend.io","tags":["Third Party Advisory"]},{"url":"https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-32166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}