8.6

CVE-2022-2132

Exploit
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DpdkData Plane Development Kit Version < 19.11
DpdkData Plane Development Kit Version >= 20.0 < 20.11
DpdkData Plane Development Kit Version >= 21.0 < 21.11
FedoraprojectFedora Version36
DebianDebian Linux Version10.0
RedhatOpenstack Platform Version13.0
RedhatVirtualization Version4.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.77% 0.754
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-791 Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

https://bugs.dpdk.org/show_bug.cgi?id=1031
Patch
Vendor Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2099475
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html
Third Party Advisory
Mailing List