Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562310893168HistoryOct 30, 2022 - 12:00 a.m.
Debian: Security Advisory (DLA-3168-1)
2022-10-3000:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
3
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.893168");
script_cve_id("CVE-2022-32166");
script_tag(name:"creation_date", value:"2022-10-30 02:00:19 +0000 (Sun, 30 Oct 2022)");
script_version("2024-01-12T16:12:11+0000");
script_tag(name:"last_modification", value:"2024-01-12 16:12:11 +0000 (Fri, 12 Jan 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Debian: Security Advisory (DLA-3168-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");
script_xref(name:"Advisory-ID", value:"DLA-3168-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2022/DLA-3168-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/openvswitch");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openvswitch' package(s) announced via the DLA-3168-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An issue has been found in openvswitch, a software-based, Ethernet virtual switch.
This issue is about a heap buffer over-read in flow.c, which could lead to access to an unmapped region of memory. This could result in crashing the software, memory modification, or possible remote execution.
For Debian 10 buster, this problem has been fixed in version 2.10.7+ds1-0+deb10u2.
We recommend that you upgrade your openvswitch packages.
For the detailed security status of openvswitch please refer to its security tracker page at: [link moved to references]
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'openvswitch' package(s) on Debian 10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB10") {
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-common", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-dbg", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-dev", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-pki", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-switch", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-testcontroller", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openvswitch-vtep", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"ovn-central", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"ovn-controller-vtep", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"ovn-host", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-openvswitch", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-openvswitch", ver:"2.10.7+ds1-0+deb10u2", rls:"DEB10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
cvelist
cvelist
CVE-2022-32166 ovs - buffer over-read
2022-06-01 00:00:00
ubuntu
ubuntu
Open vSwitch vulnerability
2022-10-25 00:00:00
Open vSwitch vulnerability
2022-10-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4050-1)
2022-11-18 00:00:00
Ubuntu: Security Advisory (USN-5698-2)
2022-10-26 00:00:00
Ubuntu: Security Advisory (USN-5698-1)
2022-10-26 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Open vSwitch vulnerability (USN-5698-2)
2022-10-25 00:00:00
Debian DLA-3168-1 : openvswitch - LTS security update
2022-10-30 00:00:00
Ubuntu 18.04 LTS : Open vSwitch vulnerability (USN-5698-1)
2022-10-25 00:00:00
redhatcve
redhatcve
CVE-2022-32166
2022-09-28 13:48:58
debian
debian
[SECURITY] [DLA 3168-1] openvswitch security update
2022-10-29 09:30:27
osv
osv
openvswitch - security update
2022-10-29 00:00:00
openvswitch vulnerability
2022-10-25 12:47:42
CVE-2022-32166
2022-09-28 10:15:09
debiancve
debiancve
CVE-2022-32166
2022-09-28 10:15:09
ubuntucve
ubuntucve
CVE-2022-32166
2022-09-28 00:00:00
nvd
nvd
CVE-2022-32166
2022-09-28 10:15:09
prion
prion
Heap overflow
2022-09-28 10:15:00
cve
cve
CVE-2022-32166
2022-09-28 10:15:09
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%
Related for OPENVAS:1361412562310893168