CVE-2022-26495

moderate-risk
Published 2022-03-06

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: ca2b9b33890e430a76b57f83cdabe80c64b12829
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (7)

Network Block Device

Affected Vendors

Debian Fedoraproject Network Block Device Project

References (16)

Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
Exploit https://lists.debian.org/nbd/2022/01/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://security.gentoo.org/glsa/202402-10
Product https://sourceforge.net/projects/nbd/files/nbd/
Third Party Advisory https://www.debian.org/security/2022/dsa-5100
Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
Exploit https://lists.debian.org/nbd/2022/01/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://security.gentoo.org/glsa/202402-10
Product https://sourceforge.net/projects/nbd/files/nbd/
Third Party Advisory https://www.debian.org/security/2022/dsa-5100
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate