CVE-2020-10723
published 2020-05-19CVE-2020-10723: A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | dpdk | < dpdk 19.11.2-1 (bookworm) | dpdk 19.11.2-1 (bookworm) |
| dpdk | data_plane_development_kit | <= 17.05 | — |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 17.11.9-0ubuntu18.04.2 | 17.11.9-0ubuntu18.04.2 |
| dpdk | dpdk | >= 0 < 19.11.1-0ubuntu1.1 | 19.11.1-0ubuntu1.1 |
| fedoraproject | fedora | — | — |
| msrc | azl3_ceph_18.2.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_ceph_18.2.2-8_on_azure_linux_3.0 | — | — |
| msrc | cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0 | — | — |
| opensuse | leap | — | — |
| oracle | communications_session_border_controller | 8.2 – 8.4 | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.7MEDIUM