Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: libnbd

Found 4 matching suggestions

Published
Permalink CVE-2025-14946
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 1 week ago
  • @LeSuisse removed
    3 packages
    • ocamlPackages.nbd
    • python312Packages.libnbd
    • python313Packages.libnbd
    1 month, 1 week ago
  • @LeSuisse removed maintainer @akshatagarwl 1 month, 1 week ago
  • @LeSuisse accepted 1 month, 1 week ago
  • @LeSuisse published on GitHub 1 month, 1 week ago
Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.

Affected products

libnbd
  • <1.22.5
  • <1.23.9
virt:rhel/libnbd
container-native-virtualization/virt-cdi-cloner
container-native-virtualization/virt-cdi-importer
container-native-virtualization/virt-cdi-operator
container-native-virtualization/virt-cdi-apiserver
container-native-virtualization/virt-cdi-controller
container-native-virtualization/virt-cdi-uploadproxy
container-native-virtualization/virt-cdi-cloner-rhel9
container-native-virtualization/virt-cdi-uploadserver
container-native-virtualization/virt-cdi-importer-rhel9
container-native-virtualization/virt-cdi-operator-rhel9
container-native-virtualization/virt-cdi-apiserver-rhel9
container-native-virtualization/virt-cdi-controller-rhel9
container-native-virtualization/virt-cdi-uploadproxy-rhel9
container-native-virtualization/virt-cdi-uploadserver-rhel9

Matching in nixpkgs

Package maintainers

Ignored maintainers (1) 
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message/WTUYQOUVHYQVGER3G2AFWN3IYSIU3KTO/
Untriaged
Permalink CVE-2024-7383
created 5 months ago
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Affected products

libnbd
  • <1.20.2
  • <1.18.5
  • *
virt:rhel
  • *
virt:av/libnbd
virt-devel:rhel
  • *
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-5871
created 5 months ago
Libnbd: a malicious nbd server may crash libnbd

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

Affected products

libnbd
  • ==1.18.2
  • *
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-5215
created 5 months ago
Libnbd: nbs server does not return expeted block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

Affected products

libnbd
  • ==1.18.0
  • *
virt:av/libnbd
virt:rhel/libnbd
virt-devel:av/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

Package maintainers