CVE-2022-26495
CRITICAL
network_block_device < 3.24 - Heap-Based Buffer Overflow via Integer Overflow in Name Length Field
Title source: llm
Description
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
References (8)
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5100
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-10
Exploit, Mailing List, Third Party Advisory
https://lists.debian.org/nbd/2022/01/msg00037.html
Product, Release Notes, Third Party Advisory
https://sourceforge.net/projects/nbd/files/nbd/
Scores
CVSS v3: 9.8
EPSS: 0.0019
EPSS Percentile: 39.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-190
Status: published
Products (7)
debian/debian_linux: 9.0
debian/debian_linux: 10.0
debian/debian_linux: 11.0
fedoraproject/fedora: 34
fedoraproject/fedora: 35
fedoraproject/fedora: 36
network_block_device_project/network_block_device: < 3.24
Published: Mar 06, 2022
Tracked Since: Feb 18, 2026