CVE-2020-10723

CWE-190 — Integer Overflow13 documents10 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 66.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT Oracle Communications Session Border Controller [unknown] Dpdk +4 more

Timeline

PublishedMay 19

Latest updateMay 24

Description

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 0.8 | Impact: 4.2

Affected Packages7 packages

▶Debiandpdk< 19.11.2-1+3

▶Ubuntudpdk< 17.11.9-0ubuntu18.04.2+1

▶NVDdpdk/data_plane_development_kit17.05

▶CVEListV5[unknown]/dpdk18.11.8, 19.11.2, 20.02.1+2

▶NVDoracle/communications_session_border_controller8.2 — 8.4

Also affects: Fedora 32, Ubuntu Linux 18.04, 19.10, 20.04

Patches

Patch: bugs.dpdk.org ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-4gq2-9rxc-45pg: A memory corruption issue was found in DPDK versions 17↗2022-05-24

▶

CVEList

CVE-2020-10723: A memory corruption issue was found in DPDK versions 17↗2020-05-19

▶

OSV

CVE-2020-10723: A memory corruption issue was found in DPDK versions 17↗2020-05-19

▶

OSV

dpdk vulnerabilities↗2020-05-18

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: System (DPDK) — CVE-2020-10723↗2021-01-15

▶

Red Hat

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()↗2020-05-18

▶

Ubuntu

DPDK vulnerabilities↗2020-05-18

▶

Microsoft

A memory corruption issue was found in DPDK versions 17.05 and above↗2020-05-12

▶

Debian

CVE-2020-10723: dpdk - A memory corruption issue was found in DPDK versions 17.05 and above. This flaw ...↗2020

▶

💬Community

Bugzilla

Update to dpdk-19.11.3↗2020-09-01

▶

Bugzilla

CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()↗2020-04-28

▶