CVE-2013-7441

2015-05-2915:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2013-7441

nbd server

denial of service

remote attack

6.5 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.042 Low

EPSS

Percentile

92.2%

JSON

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CPENameOperatorVersion
wouter_verhelst:nbdwouter verhelst nbdeq2.9.25
wouter_verhelst:nbdwouter verhelst nbdeq3.1
wouter_verhelst:nbdwouter verhelst nbdeq2.9.3
wouter_verhelst:nbdwouter verhelst nbdeq2.9.6
wouter_verhelst:nbdwouter verhelst nbdeq3.1.1
wouter_verhelst:nbdwouter verhelst nbdeq2.9.7
wouter_verhelst:nbdwouter verhelst nbdeq3.3
wouter_verhelst:nbdwouter verhelst nbdeq3.2
wouter_verhelst:nbdwouter verhelst nbdeq2.9.9
wouter_verhelst:nbdwouter verhelst nbdeq2.9.4

CPE	Name	Operator	Version
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.25
wouter_verhelst:nbd	wouter verhelst nbd	eq	3.1
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.3
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.6
wouter_verhelst:nbd	wouter verhelst nbd	eq	3.1.1
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.7
wouter_verhelst:nbd	wouter verhelst nbd	eq	3.3
wouter_verhelst:nbd	wouter verhelst nbd	eq	3.2
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.9
wouter_verhelst:nbd	wouter verhelst nbd	eq	2.9.4