
Permissive List of Allowed Inputs

CVE-2022-2132

Severity High
Score 8.6/10

Summary

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. The affected versions are prior to 19.11.13, 20.x prior to 20.11.6, and 21.x prior to 21.11.2.

  • LOW
  • NETWORK
  • NONE
  • CHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-183 - Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Advisory Timeline

  • Published