CVE-2022-26495

Published: 3/6/2022 Last updated: 8/3/2024 Reserved: 3/6/2022

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

nbd-tool

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 10.0.20348.1668

References (16)

https://lists.debian.org/nbd/2022/01/msg00037.html
https://sourceforge.net/projects/nbd/files/nbd/
https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
https://www.debian.org/security/2022/dsa-5100
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/
https://security.gentoo.org/glsa/202402-10
https://lists.debian.org/nbd/2022/01/msg00037.html
https://sourceforge.net/projects/nbd/files/nbd/
https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
https://www.debian.org/security/2022/dsa-5100
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/
https://security.gentoo.org/glsa/202402-10