Redhat Libnbd vulnerabilities
5 known vulnerabilities affecting redhat/libnbd.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2023-5871 | MEDIUM | CVSS 5.3 | CWE-617 | ≥ 1.17.4, < 1.18.2 | v1.19.1 | 2023-11-27
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
nvd
CVE-2023-5215 | MEDIUM | CVSS 6.5 | CWE-241 | fixed in 1.18.0 | 2023-09-28
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.
nvd
CVE-2022-0485 | MEDIUM | CVSS 4.8 | CWE-252 | fixed in 1.11.8 | 2022-08-29
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
nvd
CVE-2021-20286 | LOW | CVSS 2.7 | CWE-617 | fixed in 1.7.3 | 2021-03-15
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
nvd
CVE-2019-14842 | CRITICAL | CVSS 9.8 | CWE-681 | fixed in 1.0.3 | 2019-11-26
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is
nvd