Eric Blake

5 exploits; active since Jul 2018
CVE-2021-3716 | Severity: LOW | Writeup
nbdkit 1.11.8-1.24.6 - Denial of Service via STARTTLS Plaintext Injection
A flaw was found in nbdkit: it improperly cached plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else the client sends to the server. Because the server keeps what was negotiated in plaintext after the session upgrades to TLS, it then sends structured replies to a client that never asked for them, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVSS score: 3.1
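The exchange described above, as an added example that is not nbdkit's code: a small model of NBD option negotiation in which a proxy injects one plaintext NBD_OPT_STRUCTURED_REPLY ahead of the client's NBD_OPT_STARTTLS and discards the server's reply to it. The option and reply magics and option numbers are the NBD protocol's; the Server, Client and mitm classes, and the reset_on_tls switch that models the fix (forgetting all plaintext-negotiated state when TLS starts), are constructed for this illustration.

```python
import struct

# Wire constants from the NBD protocol's new-style option negotiation.
NBD_IHAVEOPT = 0x49484156454F5054        # client -> server option header magic
NBD_REP_MAGIC = 0x0003E889045565A9       # server -> client option reply magic
NBD_OPT_STARTTLS = 5
NBD_OPT_GO = 7
NBD_OPT_STRUCTURED_REPLY = 8
NBD_REP_ACK = 1
NBD_REP_ERR_UNSUP = (1 << 31) + 1


def pack_option(opt, data=b""):
    return struct.pack(">QII", NBD_IHAVEOPT, opt, len(data)) + data


def unpack_option(msg):
    magic, opt, length = struct.unpack(">QII", msg[:16])
    if magic != NBD_IHAVEOPT or len(msg) != 16 + length:
        raise ValueError("malformed option")
    return opt, msg[16:]


def pack_reply(opt, rep, data=b""):
    return struct.pack(">QIII", NBD_REP_MAGIC, opt, rep, len(data)) + data


def reply_type(msg):
    _magic, _opt, rep, _length = struct.unpack(">QIII", msg[:20])
    return rep


class Server:
    """Constructed model of a server's negotiation state; reset_on_tls models the fix."""

    def __init__(self, reset_on_tls):
        self.reset_on_tls = reset_on_tls
        self.tls = False
        self.structured = False

    def handle(self, msg):
        opt, _data = unpack_option(msg)
        if opt == NBD_OPT_STRUCTURED_REPLY:
            self.structured = True
            return pack_reply(opt, NBD_REP_ACK)
        if opt == NBD_OPT_STARTTLS:
            self.tls = True  # the TLS handshake would follow this reply
            if self.reset_on_tls:
                # Fixed behaviour: nothing negotiated in plaintext survives the
                # upgrade, so an injected option cannot shape the TLS session.
                self.structured = False
            return pack_reply(opt, NBD_REP_ACK)
        if opt == NBD_OPT_GO:
            return pack_reply(opt, NBD_REP_ACK)
        return pack_reply(opt, NBD_REP_ERR_UNSUP)


class Client:
    """A client that upgrades to TLS first and never asks for structured replies."""

    def __init__(self):
        self.structured = False
        self.tls = False

    def negotiate(self, send):
        if reply_type(send(pack_option(NBD_OPT_STARTTLS))) != NBD_REP_ACK:
            raise RuntimeError("server refused TLS")
        self.tls = True
        # NBD_OPT_GO payload: zero-length name, zero info requests (default export).
        if reply_type(send(pack_option(NBD_OPT_GO, b"\x00" * 6))) != NBD_REP_ACK:
            raise RuntimeError("NBD_OPT_GO failed")


def mitm(server):
    """Proxy that injects one plaintext option before the client's first message,
    swallows the server's reply to it, then forwards everything else verbatim."""
    injected = False

    def send(msg):
        nonlocal injected
        if not injected and not server.tls:
            server.handle(pack_option(NBD_OPT_STRUCTURED_REPLY))  # reply discarded
            injected = True
        return server.handle(msg)

    return send


def negotiate(reset_on_tls, attacked):
    """Return (server's view, client's view) of whether structured replies are on."""
    server = Server(reset_on_tls)
    client = Client()
    client.negotiate(mitm(server) if attacked else server.handle)
    # From here both sides talk TLS. A server that believes structured replies are
    # enabled sends them; a client that never enabled them treats that as a
    # protocol error and drops the session, which is the availability impact.
    return server.structured, client.structured
```

With the vulnerable server the two views disagree after the attack, (True, False); with the reset in place they agree, (False, False), the same as an unattacked run.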
CVE-2021-20286 | Severity: LOW | Writeup
libnbd < 1.7.3 - Denial of Service via Assertion Failure in nbd_unlocked_opt_go
A flaw was found in libnbd before 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
CVSS score: 2.7
CVE-2022-0485 | Severity: MEDIUM | Writeup
libnbd - Unchecked Return Value in nbdcopy Multi-threaded Copy Operation
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter passed to its completion callback. A failed read or write therefore went unnoticed, which could result in the silent creation of a corrupted destination image.
CVSS score: 4.8
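The failure mode described above, as an added example that is not libnbd's or nbdcopy's code: a constructed stand-in for an NBD handle whose completion callbacks receive the error as a one-element list (standing in for the C API's int *error out-parameter), and a block copier that either ignores that value, as the bug did, or fails the whole copy on the first error. FakeNbdConnection, copy_image, run_copy, SOURCE and BLOCK are all constructed here; the only libnbd convention reproduced is that a completion callback returning 1 retires the command.

```python
import errno

SOURCE = bytes(range(256)) * 4   # constructed 1 KiB source image
BLOCK = 256                      # copy granularity


class FakeNbdConnection:
    """Constructed stand-in for an NBD handle: aio_pread queues a read, poll()
    later fires each completion with a one-element error list. Offsets listed
    in `failing` complete with EIO and leave the caller's buffer untouched,
    exactly as a failed read leaves a zero-filled destination block."""

    def __init__(self, data, failing):
        self.data = data
        self.failing = set(failing)
        self.pending = []

    def aio_pread(self, buf, offset, completion):
        self.pending.append((buf, offset, completion))

    def poll(self):
        while self.pending:
            buf, offset, completion = self.pending.pop()
            if offset in self.failing:
                error = [errno.EIO]
            else:
                buf[:] = self.data[offset:offset + len(buf)]
                error = [0]
            completion(error)  # returning 1 retires the command, as in libnbd


def copy_image(conn, size, block, check_errors):
    """Issue one asynchronous read per block into a zero-filled destination.
    check_errors=False models the bug: the completion returns 1 without looking
    at error[0], so a failed block silently stays zero. check_errors=True records
    the failure and makes the copy fail instead of returning a corrupt image."""
    dst = bytearray(size)
    failures = []

    def completion(error, offset):
        if check_errors and error[0] != 0:
            failures.append((offset, errno.errorcode.get(error[0], error[0])))
        return 1

    for off in range(0, size, block):
        view = memoryview(dst)[off:off + block]
        conn.aio_pread(view, off, lambda error, off=off: completion(error, off))
    conn.poll()
    if failures:
        raise OSError(f"copy failed: {failures}")
    return bytes(dst)


def corrupted_blocks(data, result, block):
    """Block offsets at which the copy differs from the source."""
    return [off for off in range(0, len(data), block)
            if data[off:off + block] != result[off:off + block]]


def run_copy(failing, check_errors):
    """Drive one copy over SOURCE; returns ('ok', image) or ('error', message)."""
    conn = FakeNbdConnection(SOURCE, failing)
    try:
        return "ok", copy_image(conn, len(SOURCE), BLOCK, check_errors)
    except OSError as e:
        return "error", str(e)
```

With the read at offset 512 failing, the unchecked copier returns an image that differs from the source only in that block, and nothing tells the operator; the checking copier refuses to produce an image at all.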
CVE-2017-15118 | Severity: HIGH | ExploitDB entry (text) | Writeup
qemu < 2.11 - Stack-based Buffer Overflow in NBD Server Export Name Handling
A stack-based buffer overflow vulnerability was found in the NBD server implementation of qemu before 2.11: a client could request an export name of up to 4096 bytes, whereas the server's buffer limits names to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
CVSS score: 8.3
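The check that was missing, as an added example that is not qemu's code: a parser for the NBD_OPT_GO / NBD_OPT_INFO option payload (u32 name length, name, u16 request count, u16 per requested info, per the NBD protocol) that bounds the declared name length against the 256-byte limit before the length is used for anything else, plus the same bound for the bare-name NBD_OPT_EXPORT_NAME payload. NBD_MAX_NAME_SIZE = 256 restates the limit given above; NbdOptError, parse_opt_go, parse_opt_export_name, build_opt_go and accepts are constructed for this illustration, and build_opt_go deliberately has no bound so it can produce the oversized input a hostile client would send.

```python
import struct

NBD_MAX_NAME_SIZE = 256   # the export-name limit described above


class NbdOptError(ValueError):
    """Negotiation error the server would answer with NBD_REP_ERR_INVALID."""


def parse_opt_go(payload):
    """Parse an NBD_OPT_GO / NBD_OPT_INFO payload:
    u32 name length, name bytes, u16 request count, u16 per requested info."""
    if len(payload) < 4:
        raise NbdOptError("option shorter than the name-length field")
    (namelen,) = struct.unpack(">I", payload[:4])
    # The missing check: bound the declared length by the receiving buffer size
    # *before* it is used to size a copy. Checking only that the name fits inside
    # the option payload is not enough when the payload may be larger than the
    # buffer the name is copied into.
    if namelen > NBD_MAX_NAME_SIZE:
        raise NbdOptError(f"export name length {namelen} exceeds {NBD_MAX_NAME_SIZE}")
    if len(payload) < 6 + namelen:
        raise NbdOptError("option shorter than the declared name plus request count")
    raw_name = payload[4:4 + namelen]
    (nreq,) = struct.unpack(">H", payload[4 + namelen:6 + namelen])
    if len(payload) != 6 + namelen + 2 * nreq:
        raise NbdOptError("option length does not match the declared info requests")
    requests = list(struct.unpack(f">{nreq}H", payload[6 + namelen:]))
    try:
        name = raw_name.decode("utf-8")
    except UnicodeDecodeError as e:
        raise NbdOptError("export name is not valid UTF-8") from e
    return name, requests


def parse_opt_export_name(payload):
    """NBD_OPT_EXPORT_NAME carries the bare name as the whole payload; the same
    bound applies before the name is copied anywhere."""
    if len(payload) > NBD_MAX_NAME_SIZE:
        raise NbdOptError(f"export name length {len(payload)} exceeds {NBD_MAX_NAME_SIZE}")
    try:
        return payload.decode("utf-8")
    except UnicodeDecodeError as e:
        raise NbdOptError("export name is not valid UTF-8") from e


def build_opt_go(name, requests=()):
    """Build an NBD_OPT_GO payload. Unbounded on purpose: it constructs what a
    client puts on the wire, including names the server must reject."""
    raw = name.encode("utf-8")
    return (struct.pack(">I", len(raw)) + raw
            + struct.pack(">H", len(requests))
            + struct.pack(f">{len(requests)}H", *requests))


def accepts(payload):
    """True if the server would accept this NBD_OPT_GO, False if it rejects it cleanly."""
    try:
        parse_opt_go(payload)
        return True
    except NbdOptError:
        return False
```

A 256-byte name is accepted, a 4096-byte one is rejected before its length is used for any copy or further arithmetic, and a payload whose declared length exceeds what was actually received is rejected rather than read past its end.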