CVE-2022-0485

Severity
4.8 MEDIUM
EPSS
0.1%
top 68.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 29

Description

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the `*error` parameter. This could result in the silent creation of a corrupted destination image.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 | Impact: 2.5

Affected Packages (3 packages)

NVD: redhat/libnbd < 1.11.8
Debian: libnbd < 1.10.5-1+2
CVEListV5: libnbd (Fixed in libnbd v1.11.8)

Also affects: Enterprise Linux 8.0

Vulnerability Details (3)

OSV: CVE-2022-0485: A flaw was found in the copying tool `nbdcopy` of libnbd (2022-08-29)
GHSA: GHSA-cfv5-3vm4-4jfp: A flaw was found in the copying tool `nbdcopy` of libnbd (2022-08-29)
CVEList: CVE-2022-0485: A flaw was found in the copying tool `nbdcopy` of libnbd (2022-08-29)

Vendor Advisories (2)

Red Hat: libnbd: nbdcopy: missing error handling may create corrupted destination image (2022-01-27)
Debian: CVE-2022-0485: libnbd - A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-... (2022)