CVE-2020-14376

Published: Sep 30, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.1 / Impact: 6.0

Source: NVD

Description

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (5)

Products: Dpdk: Data Plane Development Kit · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

Data Plane Development Kit

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	From 18.02.1 to 18.11.10
Dpdk Data Plane Development Kit	From 19.02 to 19.11.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879470

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4550-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879470

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4550-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.