Auto-merge PR#7466

2025-06-10 02:04:31 +00:00 · 2022-09-28 05:30:28 -04:00 · 2022-09-28 05:30:28 -04:00 · 992f58f307
commit 992f58f307
parent 91926bbdcd cb619d0bdb
1 changed files with 83 additions and 14 deletions
--- a/2022/32xxx/CVE-2022-32166.json
+++ b/2022/32xxx/CVE-2022-32166.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32166",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32166",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Jun 1, 2022, 4:32:50 AM",
+    "TITLE" : "ovs - buffer over-read"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "ovs",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "ovs",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "v0.90.0",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "v2.5.0",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c.  An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory.  This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "HIGH",
+      "confidentialityImpact" : "HIGH",
+      "integrityImpact" : "HIGH",
+      "privilegesRequired" : "LOW",
+      "scope" : "UNCHANGED",
+      "userInteraction" : "NONE",
+      "version" : 3.1,
+      "baseScore" : 8.8,
+      "baseSeverity" : "HIGH"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32166"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-125 Out-of-bounds Read"
+      } ]
+    } ]
+  },
+  "solution" : [ {
+    "lang" : "eng",
+    "value" : "Update version to v2.5.1 or later"
+  } ],
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }