CVE-2025-47711
Published 2025-06-09
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nbdkit | < nbdkit 1.42.3-1 (forky) | nbdkit 1.42.3-1 (forky) |
| msrc | azl3_nbdkit_1.35.3-7_on_azure_linux_3.0 | — | — |
| msrc | cbl2_nbdkit_1.35.3-4_on_cbl_mariner_2.0 | — | — |
| msrc | cm2_nbdkit_1.35.3-4_on_cbl_mariner_2.0 | — | — |
| nbdkit_project | nbdkit | >= 0 < 1.42.3-1 | 1.42.3-1 |
| nbdkit_project | nbdkit | >= 0 < 1.42.3-1 | 1.42.3-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_advanced_virtualization | — | — |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM