5 matches found
CVE-2022-0485
CVE-2022-0485 affects the libnbd nbdcopy tool. The root cause is that during multi-threaded copies, asynchronous nbd command completions were treated as success without validating the error parameter, which could silently corrupt the destination image. No explicit patch/version information or exp...
CVE-2023-5215
A vulnerability CVE-2023-5215 affects libnbd where a server may reply with a block size larger than 2^63, violating the 64-bit unsigned size expectation in nbd_get_size() and potentially causing an application crash or other unintended behavior in NBD clients that mishandle the return value. Conn...
CVE-2023-5871
CVE-2023-5871: libnbd vulnerability where a malicious NBD server can crash or misbehave libnbd, causing a Denial of Service. Affected software includes libnbd in multiple distros (e.g., Red Hat/RHEL 9, Oracle Linux, AlmaLinux, SUSE/openSUSE, MiracleLinux) with advisories noting fixes in libnbd (e...
CVE-2021-20286
CVE-2021-20286 affects libnbd 1.7.3, with an assertion failure in nbd_unlocked_opt_go (ilb/opt.c) that may lead to denial of service. Connected advisories/documentation show multiple distros affected (e.g., openSUSE SUSE-SU-2021:2274-1; CBL Mariner 2.0; Red Hat/RHEL entries) and indicate upgrades...
CVE-2019-14842
CVE-2019-14842 is a memory-safety fault in the NBD protocol handling (Structured reply feature). The issue arises from a signed/unsigned mismatch in a bounds check for chunk offsets in the server’s reply path; a chunk with a negative offset can cause data to be written outside the intended read b...