Описание
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:3.16.2-1ubuntu0.2 |
| devel | released | 1:3.23-3ubuntu1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1:3.16.2-1ubuntu0.2 |
| esm-infra/focal | not-affected | 1:3.20-1ubuntu0.1 |
| esm-infra/xenial | needed | |
| focal | released | 1:3.20-1ubuntu0.1 |
| impish | released | 1:3.21-1ubuntu0.1 |
| jammy | released | 1:3.23-3ubuntu1 |
| kinetic | released | 1:3.23-3ubuntu1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
Уязвимость реализации сетевых блочных устройств nbd, связанная с переполнением буфера в стека, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3