Nbd · Nbd · CVE-2022-26495
**Name of the Vulnerable Software and Affected Versions**
nbd versions prior to 3.24
**Description**
The issue is an integer overflow in the implementation of network block devices (nbd) that can lead to a heap-based buffer overflow. A remote attacker can exploit it by sending specially crafted messages, including NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME, allowing the execution of arbitrary code. A value of 0xffffffff in the name length field can cause a zero-sized buffer to be allocated, resulting in a write to a dangling pointer.
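The wrap-around described above, next to a length check that rejects it, as an added example that is not nbd's own code. The function names, the `NAME_MAX_LEN` cap and the simplified payload layout (a 32-bit big-endian name length followed by the name bytes) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: illustrative cap on export-name length, not taken from nbd. */
#define NAME_MAX_LEN 4096u

/* The pattern the advisory describes: length + 1 (for the NUL) computed in
 * 32 bits. For name_len == 0xffffffff the sum wraps to 0. */
static uint32_t unsafe_alloc_size(uint32_t name_len)
{
    return name_len + 1u;
}

/* Hardened read of a constructed payload: 32-bit big-endian name length
 * followed by the name bytes. Returns a NUL-terminated copy or NULL. */
static char *read_name_checked(const uint8_t *p, size_t payload_len, size_t *out_len)
{
    if (payload_len < 4)
        return NULL;
    uint32_t name_len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    /* Reject before any arithmetic or allocation uses the value. */
    if (name_len > NAME_MAX_LEN || name_len > payload_len - 4)
        return NULL;
    char *name = malloc((size_t)name_len + 1); /* bounded above, cannot wrap */
    if (name == NULL)
        return NULL;
    memcpy(name, p + 4, name_len);
    name[name_len] = '\0';
    *out_len = name_len;
    return name;
}

int main(void)
{
    /* Constructed inputs: the value from the advisory, then a valid name. */
    const uint8_t bad[] = { 0xff, 0xff, 0xff, 0xff };
    const uint8_t ok[] = { 0, 0, 0, 3, 'd', 's', 'k' };
    size_t n = 0;
    printf("unsafe size for 0xffffffff: %u\n", (unsigned)unsafe_alloc_size(0xffffffffu));
    printf("checked(bad): %s\n", read_name_checked(bad, sizeof bad, &n) ? "accepted" : "rejected");
    char *s = read_name_checked(ok, sizeof ok, &n);
    printf("checked(ok): %s (%zu bytes)\n", s ? s : "rejected", n);
    free(s);
    return 0;
}
```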
**Recommendations**
For versions prior to 3.24, update to version 3.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages until a patch is available. Avoid using the `name length` field with a value of 0xffffffff in the affected API endpoints until the issue is resolved.