CVE-2020-14374

Published: Sep 30, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (5)

Products: Dpdk: Data Plane Development Kit · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

Data Plane Development Kit

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	From 18.02.1 to 18.11.10
Dpdk Data Plane Development Kit	From 19.02 to 19.11.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879466

Source: secalert@redhat.com

Issue TrackingTool Signature

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879466

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingTool Signature

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.