5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%
libnbd is vulnerable to Denial of Service (DoS). The vulnerability is due to a flaw in the handling of 64-bit extended headers in the NBD protocol when dealing with large flag values in the server’s reply to the NBD_CMD_BLOCK_STATUS command.
access.redhat.com/errata/RHSA-2024:2204
access.redhat.com/security/cve/CVE-2023-5871
bugzilla.redhat.com/show_bug.cgi?id=2247308
bugzilla.suse.com/show_bug.cgi?id=1216769
gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701
lists.libguestfs.org/archives/list/[email protected]/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%