Kurt Fitzner

**Name of the Vulnerable Software and Affected Versions** nbd-server versions 2.7.5 and earlier nbd-server versions 2.8.0 through 2.8.2 nbd-client versions prior to 2.8.2-r1 **Description** The issue affects the nbd-server and nbd-client packages in Debian GNU/Linux and Gentoo Linux operating systems. It allows remote attackers to exploit multiple vulnerabilities, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely. A buffer overflow in the Network Block Device (nbd) server is caused by a large request that is written past the end of the buffer because nbd does not account for memory taken by the reply header. **Recommendations** For nbd-server versions 2.7.5 and earlier, update to a version later than 2.7.5. For nbd-server versions 2.8.0 through 2.8.2, update to a version later than 2.8.2. For nbd-client versions prior to 2.8.2-r1, update to version 2.8.2-r1 or later. As a temporary workaround, consider restricting access to the nbd-server and nbd-client to minimize the risk of exploitation.