2 matches found
CVE-2022-26495
The CVE-2022-26495 issue affects the NBD Tools’ server (nbd-server) in versions before 3.24, caused by an integer overflow in the name length handling that yields a heap-based buffer overflow. Specifically, a name length value of 0xffffffff can allocate a zero-sized buffer for the name, leading t...
CVE-2022-26496
The CVE-2022-26496 issue affects nbd-server prior to 3.24, causing a stack-based buffer overflow when parsing the name field. An attacker can trigger the overflow by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value for the name length, potentially leading to code execution ...