NIXPKGS-2026-0010

published on

Permalink CVE-2025-14946

4.8 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 4 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 4 months, 2 weeks ago
@LeSuisse ignored
3 packages
- ocamlPackages.nbd
- python312Packages.libnbd
- python313Packages.libnbd
4 months, 2 weeks ago
@LeSuisse deleted maintainer @akshatagarwl 4 months, 2 weeks ago maintainer.delete
@LeSuisse accepted 4 months, 2 weeks ago
@LeSuisse published on GitHub 4 months, 2 weeks ago

Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.

References

https://access.redhat.com/security/cve/CVE-2025-14946 vdb-entryx_refsource_REDHAT
RHBZ#2423789 issue-trackingx_refsource_REDHAT
https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security

Affected products

libnbd

<1.23.9
<1.22.5

virt:rhel/libnbd

container-native-virtualization/virt-cdi-cloner

container-native-virtualization/virt-cdi-importer

container-native-virtualization/virt-cdi-operator

container-native-virtualization/virt-cdi-apiserver

container-native-virtualization/virt-cdi-controller

container-native-virtualization/virt-cdi-uploadproxy

container-native-virtualization/virt-cdi-cloner-rhel9

container-native-virtualization/virt-cdi-uploadserver

container-native-virtualization/virt-cdi-importer-rhel9

container-native-virtualization/virt-cdi-operator-rhel9

container-native-virtualization/virt-cdi-apiserver-rhel9

container-native-virtualization/virt-cdi-controller-rhel9

container-native-virtualization/virt-cdi-uploadproxy-rhel9

container-native-virtualization/virt-cdi-uploadserver-rhel9

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1

Ignored packages (3)

pkgs.ocamlPackages.nbd

Network Block Device client library in userspace

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1

pkgs.python313Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1

Package maintainers

Ignored maintainers (1)

@akshatagarwl Akshat Agarwal <humancalico@disroot.org>

https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message/WTUYQOUVHYQVGER3G2AFWN3IYSIU3KTO/

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0010

References

Affected products

Matching in nixpkgs

pkgs.libnbd

pkgs.ocamlPackages.nbd

pkgs.python312Packages.libnbd

pkgs.python313Packages.libnbd

Package maintainers