Vulnerabilities > CVE-2019-9547 - Excessive Iteration vulnerability in Spdk Storage Performance Development KIT

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

spdk

CWE-834

NVD

Published: 2019-03-01

Updated: 2021-07-21

Summary

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

Vulnerable Configurations

Part	Description	Count
Application	Spdk Spdk Storage Performance Development KIT 1.0.0 Spdk Storage Performance Development KIT 1.2.0 Spdk Storage Performance Development KIT 16.06 Spdk Storage Performance Development KIT 16.08 Spdk Storage Performance Development KIT 16.12 Spdk Storage Performance Development KIT 17.03 Spdk Storage Performance Development KIT 17.07 Spdk Storage Performance Development KIT 17.07.1 Spdk Storage Performance Development KIT 17.10 Spdk Storage Performance Development KIT 17.10.1 Spdk Storage Performance Development KIT 18.01 Spdk Storage Performance Development KIT 18.01.1 Spdk Storage Performance Development KIT 18.04 Spdk Storage Performance Development KIT 18.04.1 Spdk Storage Performance Development KIT 18.07 Spdk Storage Performance Development KIT 18.07.1 Spdk Storage Performance Development KIT 18.10 Spdk Storage Performance Development KIT 18.10.1	18

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References