Search CVE reports



1 – 10 of 19 results


CVE-2024-7383

Medium priority
Needs evaluation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

1 affected package

libnbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libnbd Needs evaluation Needs evaluation Needs evaluation

CVE-2023-5871

Medium priority
Needs evaluation

A flaw was found in libnbd when handling a malicious Network Block Device (NBD) server. NBD is a protocol for accessing block devices such as hard disks over a network. This issue may allow a malicious NBD server to cause a denial of service.

1 affected package

libnbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libnbd Needs evaluation Needs evaluation Needs evaluation Ignored Ignored

CVE-2023-5215

Medium priority
Needs evaluation

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD...

1 affected package

libnbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libnbd Needs evaluation Needs evaluation Needs evaluation Ignored Ignored

CVE-2022-0485

Medium priority
Needs evaluation

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than...

1 affected package

libnbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libnbd Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2022-26496

Medium priority

Some fixes available 9 of 11

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the...

1 affected package

nbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nbd Fixed Fixed Fixed Fixed Vulnerable

CVE-2022-26495

Medium priority

Some fixes available 9 of 11

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a...

1 affected package

nbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nbd Fixed Fixed Fixed Fixed Vulnerable

CVE-2021-3716

Medium priority
Needs evaluation

A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a...

1 affected package

nbdkit

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nbdkit Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2019-14851

Medium priority
Vulnerable

A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7,...

1 affected package

nbdkit

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nbdkit Not affected Not affected Not affected Not in release Vulnerable

CVE-2019-14850

Medium priority
Needs evaluation

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by...

1 affected package

nbdkit

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nbdkit Not affected Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2021-20286

Medium priority
Needs evaluation

A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.

1 affected package

libnbd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libnbd Not affected Not affected Needs evaluation Not in release Not in release