Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-14377

Опубликовано: 30 сент. 2020
Источник: nvd
CVSS3: 7.1
CVSS2: 3.6
EPSS Низкий

Описание

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
Версия от 18.02.1 (включая) до 18.11.10 (исключая)
cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
Версия от 19.02 (включая) до 19.11.5 (исключая)
Конфигурация 2
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

EPSS

Процентиль: 20%
0.00064
Низкий

7.1 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2020-14377

CVSS3: 7.1
ubuntu
больше 5 лет назад

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

redhat логотип

CVE-2020-14377

CVSS3: 7.1
redhat
больше 5 лет назад

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

debian логотип

CVE-2020-14377

CVSS3: 7.1
debian
больше 5 лет назад

A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...

github логотип

GHSA-79mp-xxw2-fgf4

github
больше 3 лет назад

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

suse-cvrf логотип

openSUSE-SU-2020:1599-1

suse-cvrf
больше 5 лет назад

Security update for dpdk

EPSS

Процентиль: 20%
0.00064
Низкий

7.1 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-125
CWE-125