7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.214 Low
EPSS
Percentile
96.4%
The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server.
Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the reply header.
A remote attacker could send a malicious request that can result in the execution of arbitrary code with the rights of the NBD server.
There is no known workaround at this time.
All NBD Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/nbd-2.8.2-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | sys-block/nbd | < 2.8.2-r1 | UNKNOWN |