CVE-2019-9547 — Excessive Iteration in Storage Performance Development KIT

CWE-834 — Excessive Iteration2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 46.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spdk Storage Performance Development KIT

Timeline

PublishedMar 1

Latest updateMay 13

Description

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDspdk/storage_performance_development_kit< 19.01

🔴Vulnerability Details

GHSA

GHSA-m5p3-37gc-m3x3: In Storage Performance Development Kit (SPDK) before 19↗2022-05-13

▶