PT-2019-13855 · Nbd · Nbd

Dhananjay Arunesh · Published 2019-11-26 · Updated 2022-12-01 · CVE-2019-14842

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: nbd (affected versions not specified)

Description: The issue is related to the Structured reply feature of the newstyle NBD protocol, which allows the server to send a reply in chunks. A bounds check error due to signed/unsigned confusion can cause data under the server's control to be written to memory before the read buffer supplied by the client. If the read buffer is on the stack, this can allow the stack return address from nbd_pread() to be modified, enabling arbitrary code execution under the server's control. If the buffer is on the heap, other memory objects before the buffer can be overwritten, usually leading to arbitrary code execution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
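
The class of bounds check error named in the Description, as an added illustration that is not code from nbd or from this advisory: a reply chunk is placed into the client's read buffer by its offset, and a signed calculation with only an upper-bound test accepts a chunk that starts before the buffer. The function names, parameters and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: the chunk's position inside the read buffer is computed
 * as a signed value and only the upper bound is checked, so a chunk that
 * starts before the requested range yields a negative offset that passes. */
static int chunk_ok_flawed(uint64_t req_off, uint64_t req_len,
                           uint64_t chunk_off, uint64_t chunk_len,
                           int64_t *rel)
{
    *rel = (int64_t)(chunk_off - req_off);      /* may be negative */
    return *rel + (int64_t)chunk_len <= (int64_t)req_len;
}

/* Hardened check: stay in unsigned arithmetic, test the lower bound first,
 * and compare against the remaining space so no sum can wrap around. */
static int chunk_ok(uint64_t req_off, uint64_t req_len,
                    uint64_t chunk_off, uint64_t chunk_len,
                    uint64_t *rel)
{
    if (chunk_off < req_off)
        return 0;                               /* starts before the buffer */
    uint64_t r = chunk_off - req_off;
    if (r > req_len || chunk_len > req_len - r)
        return 0;                               /* runs past the buffer end */
    *rel = r;
    return 1;
}

int main(void)
{
    /* Constructed sample: client reads 512 bytes at offset 4096; the
     * reply chunk claims to carry 64 bytes for offset 4000. */
    int64_t srel = 0;
    uint64_t urel = 0;
    int flawed = chunk_ok_flawed(4096, 512, 4000, 64, &srel);
    int hardened = chunk_ok(4096, 512, 4000, 64, &urel);
    printf("flawed: accepted=%d rel=%lld\n", flawed, (long long)srel);
    printf("hardened: accepted=%d\n", hardened);
    return 0;
}
```

A client should treat a rejected chunk as a protocol violation by the server and stop using the connection rather than copy any of the chunk's data.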

Weakness Enumeration

Related Identifiers

CVE-2019-14842

Affected Products

Nbd