CVE-2019-9547

{"id": "CVE-2019-9547", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-03-01T22:29:00.277", "references": [{"url": "https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/spdk/spdk/releases/tag/v19.01", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/spdk/spdk/releases/tag/v19.01", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-834"}]}], "descriptions": [{"lang": "en", "value": "In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains."}, {"lang": "es", "value": "En Storage Performance Development Kit (SPDK), en versiones anteriores a la 19.01, un cliente vhost malicioso (m\u00e1quina virtual) podr\u00eda construir cuidadosamente una cadena de descriptor circular que resultar\u00eda en una denegaci\u00f3n de servicio (DoS) parcial en el objetivo vhost de SPDK. Esto se debe a que el objetivo vhost no detect\u00f3 correctamente tales cadenas."}], "lastModified": "2024-11-21T04:51:50.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spdk:storage_performance_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3112653E-39EC-42B4-B710-3B0937CA6F76", "versionEndExcluding": "19.01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}