
CVE-2025-47712

Published: 23 Apr 2025
Source: redhat
CVSS3: 4.3

Description

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

Report

This flaw was rated as having a Moderate severity by the Red Hat Product Security team. While it can be triggered remotely (AV:N) with relative ease (AC:L), it requires the attacker to have valid credentials to the target (PR:L). Importantly, successful exploitation only leads to a temporary loss of service availability (A:L) and does not compromise data confidentiality (C:N) or integrity (I:N).

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | nbdkit | Fix deferred | | |
| Red Hat Enterprise Linux 7 | nbdkit | Out of support scope | | |
| Red Hat Enterprise Linux 8 | virt:rhel/nbdkit | Out of support scope | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/nbdkit | Out of support scope | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/nbdkit | Out of support scope | | |
| Red Hat Enterprise Linux 9 | nbdkit | Fix deferred | | |


Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2365724
nbd: nbdkit: Integer overflow triggers an assertion resulting in Denial of Service

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.3
ubuntu
10 days ago

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

CVSS3: 4.3
nvd
10 days ago

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

CVSS3: 4.3
debian
10 days ago

A flaw exists in the nbdkit "blocksize" filter that can be triggered b ...

CVSS3: 4.3
github
10 days ago

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

suse-cvrf
8 days ago

Security update for nbdkit
