CVE-2022-26495 — Integer Overflow or Wraparound in Block Device Project Network Block Device

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 55.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wouter Verhelst NBD Network Block Device Project Network Block Device Debian NBD +2 more

Timeline

PublishedMar 6

Latest updateMar 14

Description

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/nbd< nbd 1:3.24-1 (bookworm)

▶NVDnetwork_block_device_project/network_block_device< 3.24

▶Debianwouter_verhelst/nbd< 1:3.21-1+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, 36

🔴Vulnerability Details

GHSA

GHSA-q9rw-8758-hccj: In nbd-server in nbd before 3↗2022-03-07

▶

OSV

CVE-2022-26495: In nbd-server in nbd before 3↗2022-03-06

▶

📋Vendor Advisories

Ubuntu

NBD vulnerabilities↗2022-03-14

▶

Debian

CVE-2022-26495: nbd - In nbd-server in nbd before 3.24, there is an integer overflow with a resultant ...↗2022

▶