Skip to main content

Permissive List of Allowed Inputs


Severity High
Score 8.6/10


A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. The affected versions are prior to 19.11.13, 20.x prior to 20.11.6, and 21.x prior to 21.11.2.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-183 - Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Advisory Timeline

  • Published