GHSA-5m5w-w2h2-fqgq

Suggest an improvement
Source
https://github.com/advisories/GHSA-5m5w-w2h2-fqgq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-5m5w-w2h2-fqgq/GHSA-5m5w-w2h2-fqgq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-5m5w-w2h2-fqgq
Aliases
Published
2025-10-01T15:30:34Z
Modified
2025-10-22T00:25:52.460697Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
Details

Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf.

Database specific 
{
    "github_reviewed_at": "2025-10-01T19:43:22Z",
    "cwe_ids": [
        "CWE-119",
        "CWE-120"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2025-10-01T15:15:47Z"
}
References

Affected packages

PyPI / spdk

Package

Name
spdk
View open source insights on deps.dev
Purl
pkg:pypi/spdk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.9

Affected versions

25.*

25.5
25.5.1