Lucene search

Alpine Linux Development TeamALPINE:CVE-2023-5215

HistorySep 28, 2023 - 2:15 p.m.

CVE-2023-5215

2023-09-2814:15:26

Alpine Linux Development Team

security.alpinelinux.org

libnbd flaw

cve-2023-5215

nbd clients

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

Percentile

10.3%

JSON

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn’t treat the return value of the nbd_get_size() function correctly.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchlibnbd< 1.18.0-r0UNKNOWN
Alpine3.20-communitynoarchlibnbd< 1.18.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	libnbd	< 1.18.0-r0	UNKNOWN
Alpine	3.20-community	noarch	libnbd	< 1.18.0-r0	UNKNOWN

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for ALPINE:CVE-2023-5215