Search CVE reports
1 – 10 of 19 results
CVE-2024-7383
Medium priorityA flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
1 affected package
libnbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnbd | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2023-5871
Medium priorityA flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
1 affected package
libnbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnbd | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
CVE-2023-5215
Medium priorityA flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD...
1 affected package
libnbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnbd | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
CVE-2022-0485
Medium priorityA flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than...
1 affected package
libnbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnbd | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
CVE-2022-26496
Medium prioritySome fixes available 9 of 11
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the...
1 affected package
nbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nbd | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-26495
Medium prioritySome fixes available 9 of 11
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a...
1 affected package
nbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nbd | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2021-3716
Medium priorityA flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a...
1 affected package
nbdkit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nbdkit | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
CVE-2019-14851
Medium priorityA denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7,...
1 affected package
nbdkit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nbdkit | Not affected | Not affected | Not affected | Not in release | Vulnerable |
CVE-2019-14850
Medium priorityA denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by...
1 affected package
nbdkit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nbdkit | Not affected | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
CVE-2021-20286
Medium priorityA flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
1 affected package
libnbd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libnbd | Not affected | Not affected | Needs evaluation | Not in release | Not in release |