Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Published: Sep 28, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-32166
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
cloudbase / open_vswitch	0.90.0	2.5.0.x
debian / debian_linux	10.0	10.0.x

https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
https://lists.debian.org/debian-lts-announce/2022/10/msg00036.html
https://www.mend.io/vulnerability-database/CVE-2022-32166

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo