Untriaged
CVE-2025-47711
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
There is a flaw in how the nbdkit server handles responses from its plugins about the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial of service.
References
- https://access.redhat.com/security/cve/CVE-2025-47711 x_refsource_REDHAT vdb-entry
- RHBZ#2365687 issue-tracking x_refsource_REDHAT
Affected products
nbdkit
- <1.42.3
- <1.40.6
- <1.38.6
virt:av/nbdkit
virt:8.2/nbdkit
virt:rhel/nbdkit
Package maintainers
- @lukts30 lukts30 <llukas21307@gmail.com>