8.6

CVE-2022-2132

Exploit

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Data is provided by the National Vulnerability Database (NVD)
DpdkData Plane Development Kit Version < 19.11
DpdkData Plane Development Kit Version >= 20.0 < 20.11
DpdkData Plane Development Kit Version >= 21.0 < 21.11
FedoraprojectFedora Version36
DebianDebian Linux Version10.0
RedhatOpenstack Platform Version13.0
RedhatVirtualization Version4.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.69% 0.709
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-791 Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

https://bugs.dpdk.org/show_bug.cgi?id=1031
Patch
Vendor Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2099475
Third Party Advisory
Exploit
Issue Tracking