x/vulndb: potential Go vuln in github.com/spdk/spdk: CVE-2019-14940 #2241

tatianab · 2023-11-08T22:04:26Z

CVE-2019-14940 references github.com/spdk/spdk, which may be a Go module.

Description:
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-14940
web: https://github.com/spdk/spdk/releases/tag/v19.07
Imported by: https://pkg.go.dev/github.com/spdk/spdk?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/spdk/spdk
      vulnerable_at: 19.10.1+incompatible
      packages:
        - package: n/a
cves:
    - CVE-2019-14940
references:
    - web: https://github.com/spdk/spdk/releases/tag/v19.07

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:28:41Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/spdk/spdk: CVE-2019-14940 #2241

x/vulndb: potential Go vuln in github.com/spdk/spdk: CVE-2019-14940 #2241

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/spdk/spdk: CVE-2019-14940 #2241

x/vulndb: potential Go vuln in github.com/spdk/spdk: CVE-2019-14940 #2241

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023