Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14377

EPSS 0.06% · P20
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-14377

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ubuntu DPDK 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DPDK是一款基于Linux平台的数据平面开发套件。该产品支持在多种CPU架构上执行数据包处理。 DPDK 18.11.10之前版本和19.11.5之前版本存在缓冲区错误漏洞。该漏洞源于DPDK未能正确处理 vhost crypto,攻击者可以利用该漏洞发起拒绝服务攻击、信息泄露、远程代码执行等攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-dpdk All dpdk versions before 18.11.10 and before 19.11.5 -

II. Public POCs for CVE-2020-14377

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-14377

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-09-30 · 45 CVEs total

CVE-2020-261607.5 HIGHjwt-go 安全漏洞
CVE-2020-15849desk2.3 SettingsController SQL注入漏洞
CVE-2020-13951Apache OpenMeetings 安全漏洞
CVE-2020-25816HashiCorp Vault和Vault Enterprise 安全漏洞
CVE-2020-25830MantisBT 跨站脚本漏洞
CVE-2020-12870RainbowFish PacsOne Server SQL注入漏洞
CVE-2020-12715RainbowFish PacsOne Server 代码问题漏洞
CVE-2020-13952Apache Superset 安全漏洞
CVE-2020-12869RainbowFish PacsOne Server 跨站脚本漏洞
CVE-2020-25781MantisBT 安全漏洞
CVE-2020-14375Ubuntu DPDK 代码问题漏洞
CVE-2020-14374Ubuntu DPDK copy_data安全漏洞
CVE-2020-15488desk 代码问题漏洞
CVE-2020-15487Desk SQL注入漏洞
CVE-2020-19676Nacos 信息泄露漏洞
CVE-2020-24721Google Apple GAEN 安全漏洞
CVE-2020-19672Niushop B2B2C 代码问题漏洞
CVE-2019-18991Qualcomm 芯片和D-Link DWR-116授权问题漏洞
CVE-2019-18990多款 Realtek 授权问题漏洞
CVE-2019-18989Mediatek MT7620N 授权问题漏洞

Showing top 20 of 45 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: dpdk
Same vendor: n/a
Same weakness: CWE-125

V. Comments for CVE-2020-14377

No comments yet

Leave a comment