CVE-2015-0847 — NBD vulnerability

CWE-1710 documents6 sources

Severity

7.8HIGHNVD

OSV7.5

EPSS

2.6%

top 14.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wouter Verhelst NBD Debian NBD Canonical Ubuntu Linux

Timeline

PublishedMay 29

Latest updateMay 17

Description

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/nbd< nbd 1:3.10-1 (bookworm)

▶Debianwouter_verhelst/nbd< 1:3.10-1+3

▶Ubuntuwouter_verhelst/nbd< 1:3.7-1ubuntu0.1

▶NVDwouter_verhelst/nbd3.10

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.04

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-m79m-w7q9-8mx9: nbd-server↗2022-05-17

▶

OSV

nbd vulnerabilities↗2015-07-22

▶

OSV

CVE-2015-0847: nbd-server↗2015-05-29

▶

📋Vendor Advisories

Ubuntu

NBD vulnerabilities↗2015-07-22

▶

Debian

CVE-2015-0847: nbd - nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly ...↗2015

▶

💬Community

Bugzilla

CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers [fedora-all]↗2015-05-15

▶

Bugzilla

CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers↗2015-05-15

▶

Bugzilla

CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers [epel-6]↗2015-05-15

▶

Bugzilla

CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers [epel-7]↗2015-05-15

▶