PT-2023-9291 · Libnbd+5 · Libnbd+5

Pedro Sampaio

Publicado

2023-09-28

Atualizado

2024-08-06

CVE-2023-5215

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libnbd (affected versions not specified)

Description A flaw was found in libnbd where a server can reply with a block size larger than 2^63, which is a 64-bit unsigned value according to the NBD spec. This issue could lead to an application crash or other unintended behavior for NBD clients that do not treat the return value of the nbd get size() function correctly.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-241CWE-252

Identificadores relacionados

ALSA-2024:2204

AZL-31095

AZL-34933

BDU:2024-06033

CVE-2023-5215

INFSA-2024_2204

MGASA-2024-0174

OPENSUSE-SU-2023_4222-1

OPENSUSE-SU-2024:13278-1

RHSA-2024:2204

RHSA-2024_2204

SUSE-SU-2023:4222-1

Produtos afetados

Almalinux

Debian

Red Hat

Red Os

Suse

Libnbd

PT-2023-9291 · Libnbd+5 · Libnbd+5

CVE-2023-5215

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40