CVE-2022-2132

CVE Database · CVE-2022-2132

CVE-2022-2132

· HIGHModified

CVSS v3.1

8.6

EPSS

1.71%

Published

Aug 31, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-791

Affected Products (14)

dpdk · data_plane_development_kit (up to 19.11)vulnerable

dpdk · data_plane_development_kit (up to 20.11)vulnerable

dpdk · data_plane_development_kit (up to 21.11)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

redhat · enterprise_linux_fast_datapathvulnerable

redhat · openshift_container_platformvulnerable

References (6)

https://bugs.dpdk.org/show_bug.cgi?id=1031

ExploitIssue TrackingPatch

https://bugzilla.redhat.com/show_bug.cgi?id=2099475

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html

Mailing ListThird Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=1031

ExploitIssue TrackingPatch

https://bugzilla.redhat.com/show_bug.cgi?id=2099475

Exploit

KEV Catalog EPSS Scores Vendors All CVEs