All the vulnerabilites related to redhat - enterprise_linux_fast_datapath
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:22
Severity ?
Summary
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-3839 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-3839 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | 22.03 | |
| dpdk | data_plane_development_kit | 22.03 | |
| dpdk | data_plane_development_kit | 22.03 | |
| fedoraproject | fedora | 35 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | enterprise_linux_fast_datapath | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B4C63-3F60-4058-AF0C-F5AEE921CB01",
"versionEndExcluding": "22.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB0AB20E-A20A-4087-B944-6A1B6E7E936B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4A0E6108-A040-4749-85A6-C1DA127F482A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*",
"matchCriteriaId": "844676DA-EA6F-4DA7-8248-6AD0139CC919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en la biblioteca vhost de DPDK. La funci\u00f3n vhost_user_set_inflight_fd() no comprueba \"msg-)payload.inflight.num_queues\", causando posiblemente una lectura/escritura de memoria fuera de l\u00edmites. Cualquier software usando la biblioteca DPDK vhost puede fallar como resultado de esta vulnerabilidad."
}
],
"id": "CVE-2021-3839",
"lastModified": "2024-11-21T06:22:36.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.087",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-24 18:29
Modified
2024-11-21 03:59
Severity ?
Summary
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| redhat | ceph_storage | 3.0 | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | openshift | 3.0 | |
| redhat | openstack | 8 | |
| redhat | openstack | 9 | |
| redhat | openstack | 10 | |
| redhat | openstack | 11 | |
| redhat | openstack | 12 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization | 4.1 | |
| redhat | virtualization_manager | 4.1 | |
| redhat | enterprise_linux | 7.0 | |
| dpdk | data_plane_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "45690263-84D9-45A1-8C30-3ED2F0F11F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03EB0F63-DB24-4240-BC44-C92BAE7EAF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF786B57-02C3-48B7-B902-318356B3A3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "723DDE45-6CD8-4486-B742-FCFA0EA88873",
"versionEndExcluding": "18.02.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable."
},
{
"lang": "es",
"value": "La interfaz vhost de usuario de DPDK no verifica que el rango f\u00edsico invitado solicitado est\u00e9 mapeado y sea contiguo al realizar traducciones de direcciones f\u00edsicas de invitado a direcciones virtuales del host. Esto podr\u00eda conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. Todas las versiones anteriores a la 18.02.1 son vulnerables."
}
],
"id": "CVE-2018-1059",
"lastModified": "2024-11-21T03:59:05.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T18:29:00.233",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:2102"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:2524"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1059"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3642-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3642-2/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 17:15
Modified
2024-11-21 04:27
Severity ?
Summary
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | * | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | enterprise_linux_fast_datapath | 8.0 | |
| redhat | openstack | 10 | |
| redhat | virtualization_eus | 4.2 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "122B11D1-C06A-4502-B91D-587FAF4EF42B",
"versionEndExcluding": "16.11.10",
"versionStartIncluding": "16.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D206630-55D1-494F-9387-FA39BDBBF83B",
"versionEndExcluding": "17.11.8",
"versionStartIncluding": "17.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4470ED65-4A5E-4A73-81F8-36A74F810923",
"versionEndExcluding": "18.11.4",
"versionStartIncluding": "18.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3285324-00CB-4F5C-BF3C-096804336F99",
"versionEndExcluding": "19.08.1",
"versionStartIncluding": "19.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_eus:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366EA5C8-C014-477E-9567-C0F67D112E87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en todas las versiones de dpdk 17.xx anteriores a 17.11.8, versiones 16.xx anteriores a 16.11.10, versiones 18.xx anteriores a 18.11.4 y versiones 19.xx anteriores a 19.08.1, donde un maestro malicioso o un contenedor con acceso al socket vhost_user, puede enviar mensajes de VRING_SET_NUM especialmente dise\u00f1ados, resultando en una p\u00e9rdida de memoria incluyendo descriptores de archivo. Este fallo podr\u00eda conllevar a una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-14818",
"lastModified": "2024-11-21T04:27:25.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T17:15:14.757",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:22
Severity ?
Summary
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | enterprise_linux_fast_datapath | 8.0 | |
| canonical | ubuntu_linux | 21.10 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59369EE4-B970-4222-AA4E-276928B1016B",
"versionEndExcluding": "2.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."
},
{
"lang": "es",
"value": "Se ha encontrado una p\u00e9rdida de memoria en Open vSwitch (OVS) durante el procesamiento de la fragmentaci\u00f3n IP en el espacio de usuario. Un atacante podr\u00eda usar este fallo para agotar potencialmente la memoria disponible al seguir enviando fragmentos de paquetes."
}
],
"id": "CVE-2021-3905",
"lastModified": "2024-11-21T06:22:44.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.177",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 16:15
Modified
2024-11-21 07:00
Severity ?
Summary
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugs.dpdk.org/show_bug.cgi?id=1031 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2099475 | Exploit, Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.dpdk.org/show_bug.cgi?id=1031 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2099475 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | * | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | enterprise_linux_fast_datapath | 8.0 | |
| redhat | enterprise_linux_fast_datapath | 9.0 | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | openstack_platform | 13.0 | |
| redhat | virtualization | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A8EE19-B645-42D8-BA6E-D2A8274D332A",
"versionEndExcluding": "19.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA708F93-E77D-46C8-A9D7-F4AA3CA0B6A4",
"versionEndExcluding": "20.11",
"versionStartIncluding": "20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2219AA25-C6E6-4CF3-BFC5-C22E927EF104",
"versionEndExcluding": "21.11",
"versionStartIncluding": "21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43EF9495-C5E2-4C57-9565-28668BE1EBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en la lista de entradas permitidas en DPDK. Este problema permite a un atacante remoto causar una denegaci\u00f3n de servicio al enviar un encabezado Vhost dise\u00f1ado a DPDK"
}
],
"id": "CVE-2022-2132",
"lastModified": "2024-11-21T07:00:23.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T16:15:10.770",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-791"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-1059
Vulnerability from cvelistv5
Published
2018-04-24 18:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2524 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:2102 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/cve-2018-1059 | x_refsource_MISC | |
| https://usn.ubuntu.com/3642-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:2038 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3642-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:1267 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1544298 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat, Inc. | DPDK |
Version: before 18.02.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2524"
},
{
"name": "RHSA-2018:2102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1059"
},
{
"name": "USN-3642-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3642-2/"
},
{
"name": "RHSA-2018:2038",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"name": "USN-3642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"name": "RHSA-2018:1267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DPDK",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 18.02.1"
}
]
}
],
"datePublic": "2018-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2524"
},
{
"name": "RHSA-2018:2102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2018-1059"
},
{
"name": "USN-3642-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3642-2/"
},
{
"name": "RHSA-2018:2038",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"name": "USN-3642-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"name": "RHSA-2018:1267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-23T00:00:00",
"ID": "CVE-2018-1059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DPDK",
"version": {
"version_data": [
{
"version_value": "before 18.02.1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2524",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2524"
},
{
"name": "RHSA-2018:2102",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2102"
},
{
"name": "https://access.redhat.com/security/cve/cve-2018-1059",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2018-1059"
},
{
"name": "USN-3642-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3642-2/"
},
{
"name": "RHSA-2018:2038",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"name": "USN-3642-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"name": "RHSA-2018:1267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1059",
"datePublished": "2018-04-24T18:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:46:47.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3839
Vulnerability from cvelistv5
Published
2022-08-23 15:52
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-3839 | x_refsource_MISC | |
| https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in dpdk v22.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:52:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "Fixed in dpdk v22.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3839",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"name": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3839",
"datePublished": "2022-08-23T15:52:42",
"dateReserved": "2021-09-29T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14818
Vulnerability from cvelistv5
Published
2019-11-14 00:00
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "DPDK",
"versions": [
{
"status": "affected",
"version": "all dpdk version 17.x.x before 17.11.8"
},
{
"status": "affected",
"version": "all dpdk version 16.x.x before 16.11.10"
},
{
"status": "affected",
"version": "all dpdk version 18.x.x before 18.11.4"
},
{
"status": "affected",
"version": "all dpdk version 19.x.x before 19.08.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14818",
"datePublished": "2019-11-14T00:00:00",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2132
Vulnerability from cvelistv5
Published
2022-08-31 15:32
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2099475 | x_refsource_MISC | |
| https://bugs.dpdk.org/show_bug.cgi?id=1031 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T06:06:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=1031",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2132",
"datePublished": "2022-08-31T15:32:58",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3905
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | openvswitch (ovs) |
Version: Fixed in v2.17.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch (ovs)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 - Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:13.552890",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3905",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2021-10-26T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}