Описание
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Отчет
This vulnerability was rated as a Moderate severity by the Red Hat Product Security team. Based on the fact that while this vulnerability can be exploited remotely (AV:N) with relative ease (AC:L), it does require the attacker to have valid credentials to the target (PR:L). The primary impact is a temporary denial-of-service (A:L), meaning the server becomes unavailable, potentially disrupting dependent services. However, this exploitation does not lead to any compromise of data confidentiality (C:N) or integrity (I:N).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | nbdkit | Fix deferred | ||
| Red Hat Enterprise Linux 7 | nbdkit | Out of support scope | ||
| Red Hat Enterprise Linux 8 | virt:rhel/nbdkit | Out of support scope | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/nbdkit | Out of support scope | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/nbdkit | Out of support scope | ||
| Red Hat Enterprise Linux 9 | nbdkit | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
There's a flaw in the nbdkit server when handling responses from its p ...
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
EPSS
4.3 Medium
CVSS3