Skip to main content

Data Plane Development Kit CVE-2020-10724

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2020-05-19 secalert@redhat.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 19, 2020 - 19:15 nvd
MEDIUM 4.4

DescriptionNVD

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

AnalysisAI

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. Affected products include: Dpdk Data Plane Development Kit, Canonical Ubuntu Linux, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2022-2132 HIGH POC
8.6 Aug 31

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote

CVE-2020-14374 HIGH
8.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2020-14376 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Cop

CVE-2020-14375 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

CVE-2020-10725 HIGH
7.7 May 20

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhos

CVE-2019-14818 HIGH
7.5 Nov 14

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x bef

CVE-2020-14377 HIGH
7.1 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerabil

CVE-2020-10723 MEDIUM
6.7 May 19

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-10722 MEDIUM
6.7 May 19

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low

CVE-2022-28199 MEDIUM
6.5 Sep 01

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where

CVE-2022-0669 MEDIUM
6.5 Aug 29

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontroll

CVE-2018-1059 MEDIUM
6.1 Apr 24

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu

Share

CVE-2020-10724 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy