exploitDog

CVE-2019-9547

Опубликовано: 01 мар. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

Ссылки

https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143
Third Party Advisory
https://github.com/spdk/spdk/releases/tag/v19.01
Third Party Advisory
https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143
Third Party Advisory
https://github.com/spdk/spdk/releases/tag/v19.01
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spdk:storage_performance_development_kit:*:*:*:*:*:*:*:*

Версия до 19.01 (исключая)

EPSS

Процентиль: 53%

0.00305

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-834

Связанные уязвимости

GHSA-m5p3-37gc-m3x3

CVSS3: 5.3

github

больше 3 лет назад

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

EPSS

Процентиль: 53%

0.00305

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-834