DebianDEBIAN:DLA-2944-1:4E747[SECURITY] [DLA 2944-1] nbd security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.4%
Debian LTS Advisory DLA-2944-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
March 10, 2022 https://wiki.debian.org/LTS
Package : nbd
Version : 1:3.15.2-3+deb9u1
CVE ID : CVE-2022-26495
Debian Bugs : #1003863 #1006915
An integer overflow (with a resultant heap-based buffer overflow)
was discovered in the nbd Network Block Device server. A value of
0xffffffff in the name length field could have caused a zero-sized
buffer to be allocated for the name, resulting in a write to a
dangling pointer.
For Debian 9 "Stretch", this problem has been fixed in version
1:3.15.2-3+deb9u1.
We recommend that you upgrade your nbd packages.
For the detailed security status of nbd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nbd
Thanks to Wouter Verhelst for help in preparing this update.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | armhf | nbd-client-udeb | < 1:3.21-1+deb11u1 | nbd-client-udeb_1:3.21-1+deb11u1_armhf.deb |
| Debian | 9 | armel | nbd-server | < 1:3.15.2-3+deb9u1 | nbd-server_1:3.15.2-3+deb9u1_armel.deb |
| Debian | 10 | mips64el | nbd-client-dbgsym | < 1:3.19-3+deb10u1 | nbd-client-dbgsym_1:3.19-3+deb10u1_mips64el.deb |
| Debian | 9 | armel | nbd-client-udeb | < 1:3.15.2-3+deb9u1 | nbd-client-udeb_1:3.15.2-3+deb9u1_armel.deb |
| Debian | 11 | mips64el | nbd-client-dbgsym | < 1:3.21-1+deb11u1 | nbd-client-dbgsym_1:3.21-1+deb11u1_mips64el.deb |
| Debian | 10 | mipsel | nbd-client-dbgsym | < 1:3.19-3+deb10u1 | nbd-client-dbgsym_1:3.19-3+deb10u1_mipsel.deb |
| Debian | 11 | armhf | nbd-server-dbgsym | < 1:3.21-1+deb11u1 | nbd-server-dbgsym_1:3.21-1+deb11u1_armhf.deb |
| Debian | 11 | amd64 | nbd-client-udeb | < 1:3.21-1+deb11u1 | nbd-client-udeb_1:3.21-1+deb11u1_amd64.deb |
| Debian | 9 | armhf | nbd-client | < 1:3.15.2-3+deb9u1 | nbd-client_1:3.15.2-3+deb9u1_armhf.deb |
| Debian | 10 | amd64 | nbd-client | < 1:3.19-3+deb10u1 | nbd-client_1:3.19-3+deb10u1_amd64.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
73.4%