Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: python313Packages.libnbd

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-14946
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 months, 3 weeks ago
Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.

Affected products

libnbd
  • <1.22.5
  • <1.23.9
virt:rhel/libnbd
container-native-virtualization/virt-cdi-cloner
container-native-virtualization/virt-cdi-importer
container-native-virtualization/virt-cdi-operator
container-native-virtualization/virt-cdi-apiserver
container-native-virtualization/virt-cdi-controller
container-native-virtualization/virt-cdi-uploadproxy
container-native-virtualization/virt-cdi-cloner-rhel9
container-native-virtualization/virt-cdi-uploadserver
container-native-virtualization/virt-cdi-importer-rhel9
container-native-virtualization/virt-cdi-operator-rhel9
container-native-virtualization/virt-cdi-apiserver-rhel9
container-native-virtualization/virt-cdi-controller-rhel9
container-native-virtualization/virt-cdi-uploadproxy-rhel9
container-native-virtualization/virt-cdi-uploadserver-rhel9

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

Package maintainers

Permalink CVE-2023-5871
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 8 months, 2 weeks ago
Libnbd: malicious nbd server may crash libnbd

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

References

Affected products

libnbd
  • *
  • ==1.18.2
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

Package maintainers

Permalink CVE-2024-7383
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 10 months, 3 weeks ago
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Affected products

libnbd
  • <1.18.5
  • <1.20.2
  • *
virt:rhel
  • *
virt:av/libnbd
virt-devel:rhel
  • *
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

Package maintainers