Wouter Verhelst Nbd vulnerabilities

CVE-2022-26495 [CRITICAL] CVE-2022-26495: In nbd-server in nbd before 3 In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

CVE-2022-26496 [CRITICAL] CVE-2022-26496: In nbd-server in nbd before 3 In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.

CVE-2015-0847 [HIGH] CWE-17 CVE-2015-0847: nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, whic nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

CVE-2013-7441 [HIGH] CWE-399 CVE-2013-7441: The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote a The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2013-6410 [HIGH] CWE-264 CVE-2013-6410: nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which migh nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

CVE-2011-1925 [MEDIUM] CVE-2011-1925: nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial o nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.

CVE-2011-0530 [HIGH] CVE-2011-0530: Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.

CVE-2005-3534 [HIGH] CWE-119 CVE-2005-3534: Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.