PT-2021-17848 · Unknown · Storage Performance Development Kit

Published

2021-03-13

Updated

2021-03-18

CVE-2021-28361

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Storage Performance Development Kit (SPDK) versions prior to 20.01.01

Description: An issue was discovered in the Storage Performance Development Kit (SPDK). If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.

Recommendations: For versions prior to 20.01.01, update to version 20.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the iSCSI target to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-38836

AZL-39466

CVE-2021-28361

Affected Products

Storage Performance Development Kit

PT-2021-17848 · Unknown · Storage Performance Development Kit

CVE-2021-28361

Weakness Enumeration

Related Identifiers

Affected Products

References · 7