Nixpkgs security tracker

Untriaged

Permalink CVE-2023-5215

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 1 month ago

Libnbd: crash or misbehaviour when nbd server returns an unexpected block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

References

RHSA-2024:2204 vendor-advisoryx_transferredx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5215 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2241041 x_transferredissue-trackingx_refsource_REDHAT
https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred

Affected products

libnbd

==1.18.0
*

virt:av/libnbd

virt:rhel/libnbd

virt-devel:av/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

pkgs.python311Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

Package maintainers

@akshatagarwl Akshat Agarwal <humancalico@disroot.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libnbd

pkgs.python311Packages.libnbd

pkgs.python312Packages.libnbd

Package maintainers