Vulnerability Details CVE-2021-28361
An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-28361
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.0.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.2.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.06
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.08
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.12
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.03
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.01
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.04
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.04.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:19.10.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:20.01