CVE-2023-5215

2023-09-2814:15:26

CWE-252

CWE-241

[email protected]

web.nvd.nist.gov

libnbd

block size

nbd clients

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

Percentile

10.3%

JSON

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn’t treat the return value of the nbd_get_size() function correctly.

Affected configurations

Nvd

Node

redhatlibnbdRange<1.18.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

VendorProductVersionCPE
redhatlibnbd*cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	libnbd	*	cpe:2.3:a:redhat:libnbd::::::::
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*