Libnbd
CVE-2023-5215
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.
AnalysisAI
A flaw was found in libnbd. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-241. A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly. Affected products include: Redhat Libnbd, Redhat Enterprise Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. Rated critical
A flaw was found in the copying tool `nbdcopy` of libnbd. Rated medium severity (CVSS 4.8), this vulnerability is remote
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such a
A flaw was found in libnbd 1.7.3. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack
Same weakness CWE-241 – Improper Handling of Unexpected Data Type
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today