Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-26495

Published: 06/03/2022 Updated: 04/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Network Block Device

Vulnerability Summary

In nbd-server in nbd prior to 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

network block device project network block device

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian CVElist Bug Report Logs: security issues in nbd-server: CVE-2022-26495 CVE-2022-26496
Debian Bug report logs - #1006915 security issues in nbd-server: CVE-2022-26495 CVE-2022-26496 Package: src:nbd; Maintainer for src:nbd is Wouter Verhelst <wouter@debianorg>; Reported by: Wouter Verhelst <wouter@debianorg> Date: Tue, 8 Mar 2022 08:09:01 UTC Severity: serious Tags: fixed-upstream, security, upstrea ...
Debian Security Advisories: DSA-5100-1 nbd -- security update
Two vulnerabilities were discovered in the server for the Network Block Device (NBD), which could result in the execution of arbitrary code For the oldstable distribution (buster), these problems have been fixed in version 1:319-3+deb10u1 For the stable distribution (bullseye), these problems have been fixed in version 1:321-1+deb11u1 We recom ...

References

CWE-190https://sourceforge.net/projects/nbd/files/nbd/https://lists.debian.org/nbd/2022/01/msg00037.htmlhttps://lists.debian.org/debian-lts-announce/2022/03/msg00014.htmlhttps://www.debian.org/security/2022/dsa-5100https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/https://security.gentoo.org/glsa/202402-10https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006915https://www.debian.org/security/2022/dsa-5100https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook