CVE-2022-2132

2022-08-3116:15:10

CWE-791

[email protected]

web.nvd.nist.gov

110

dpdk

cve-2022-2132

allowed inputs

denial of service

remote attacker

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Affected configurations

Vulners

NVD

Node

dpdkdpdkRange≤21.11

dpdkdpdkRange≤20.11

dpdkdpdkRange≤19.11

VendorProductVersionCPE
dpdkdpdk*cpe:2.3:o:dpdk:dpdk:*:*:*:*:*:*:*:*
dpdkdpdk*cpe:2.3:o:dpdk:dpdk:*:*:*:*:*:*:*:*
dpdkdpdk*cpe:2.3:o:dpdk:dpdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dpdk	dpdk	*	cpe:2.3:o:dpdk:dpdk::::::::
dpdk	dpdk	*	cpe:2.3:o:dpdk:dpdk::::::::
dpdk	dpdk	*	cpe:2.3:o:dpdk:dpdk::::::::

CNA Affected

[
  {
    "product": "dpdk",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
      }
    ]
  }
]