CVE-2023-5215

CWE-241CWE-252Unchecked Return Value7 documents7 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 85.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat LibnbdRedhat Enterprise Linux
Timeline
PublishedSep 28

Description

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDredhat/libnbd< 1.18.0
Debianlibnbd< 1.16.5-1+1

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: listman.redhat.comPatch: listman.redhat.com

🔴Vulnerability Details

3
CVEList
Libnbd: crash or misbehaviour when nbd server returns an unexpected block size2023-09-28
OSV
CVE-2023-5215: A flaw was found in libnbd2023-09-28
GHSA
GHSA-fj2q-5f6j-5xf4: A flaw was found in libnbd2023-09-28

📋Vendor Advisories

3
Red Hat
libnbd: Crash or misbehaviour when NBD server returns an unexpected block size2023-09-21
Microsoft
Libnbd: crash or misbehaviour when nbd server returns an unexpected block size2023-09-12
Debian
CVE-2023-5215: libnbd - A flaw was found in libnbd. A server can reply with a block size larger than 2^6...2023
CVE-2023-5215 (MEDIUM CVSS 6.5) | A flaw was found in libnbd | cvebase.io