Eric Blake

4 exploits Active since Jul 2018
CVE-2021-20286 WRITEUP LOW WRITEUP
Redhat Libnbd < 1.7.3 - Reachable Assertion
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
CVSS 2.7
CVE-2021-3716 WRITEUP LOW WRITEUP
nbdkit - Info Disclosure
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVSS 3.1
CVE-2022-0485 WRITEUP MEDIUM WRITEUP
libnbd - Copying Tool Vuln
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
CVSS 4.8
CVE-2017-15118 EXPLOITDB HIGH text WRITEUP
Qemu < 2.11 - Out-of-Bounds Write
A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11, allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
CVSS 8.3