PT-2023-9291 · Libnbd+5

Pedro Sampaio · Published 2023-09-28 · Updated 2024-08-06 · CVE-2023-5215

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libnbd (affected versions not specified)

Description: A flaw was found in libnbd where a server can reply with a block size larger than 2^63 (according to the NBD spec, the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that do not treat the return value of the nbd_get_size() function correctly.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

Weakness Enumeration

Related Identifiers

ALSA-2024:2204
AZL-31095
AZL-34933
BDU:2024-06033
CVE-2023-5215
INFSA-2024_2204
MGASA-2024-0174
OPENSUSE-SU-2023_4222-1
OPENSUSE-SU-2024:13278-1
RHSA-2024:2204
RHSA-2024_2204
SUSE-SU-2023:4222-1

Affected Products

Almalinux
Debian
Red Hat
Red Os
Suse
Libnbd