8.8 - CVE-2020-14374

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2020-14374	First vendor Publication	2020-09-30
Vendor	Cve	Last vendor Modification	2022-10-29

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score	8.8
Base Score	8.8	Environmental Score	8.8
impact SubScore	6	Temporal Score	8.8
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14374

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Dpdk Data Plane Development Kit cpe:2.3:a:dpdk:data_plane_development_kit:19.11:::::::* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:::::: cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:::::: cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:::::: cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:::::: cpe:2.3:a:dpdk:data_plane_development_kit::::::::	6
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::	1
Os	Opensuse Leap cpe:2.3:o:opensuse:leap:15.2:::::::* cpe:2.3:o:opensuse:leap:15.1:::::::*	2

Sources (Detail)

Source	Url
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1879466 https://www.openwall.com/lists/oss-security/2020/09/28/3
MLIST	http://www.openwall.com/lists/oss-security/2021/01/04/1 http://www.openwall.com/lists/oss-security/2021/01/04/2 http://www.openwall.com/lists/oss-security/2021/01/04/5
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-10-29 09:28:03	Multiple Updates
2022-09-02 01:50:54	Multiple Updates
2021-05-04 13:47:57	Multiple Updates
2021-04-22 02:59:06	Multiple Updates
2021-01-04 21:23:16	Multiple Updates
2020-10-08 17:22:49	Multiple Updates
2020-10-04 12:28:04	Multiple Updates
2020-10-03 17:22:53	Multiple Updates
2020-10-01 17:22:50	Multiple Updates
2020-10-01 05:22:50	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	9
Sources(s)	7

8.8 - CVE-2020-14374

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU