Untriaged
Permalink
CVE-2023-5215
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Libnbd: nbs server does not return expeted block size
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.
References
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry
- RHBZ#2241041 issue-tracking x_refsource_REDHAT
- RHSA-2024:2204 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-5215 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2241041 issue-tracking x_refsource_REDHAT x_transferred
- https://listman.redhat.com/archives/libguestfs/2023-September/032635.html x_transferred
Affected products
libnbd
- ==1.18.0
- *
virt:av/libnbd
virt:rhel/libnbd
virt-devel:av/libnbd
Matching in nixpkgs
pkgs.libnbd
Network Block Device client library in userspace
-
nixos-unstable -
- nixpkgs-unstable 1.22.1
pkgs.python312Packages.libnbd
Network Block Device client library in userspace
-
nixos-unstable -
- nixpkgs-unstable 1.22.1
pkgs.python313Packages.libnbd
Network Block Device client library in userspace
-
nixos-unstable -
- nixpkgs-unstable 1.22.1
Package maintainers
-
@akshatagarwl Akshat Agarwal <humancalico@disroot.org>