CVE-2022-26495

NameCVE-2022-26495
DescriptionIn nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2944-1, DSA-5100-1
Debian Bugs1006915

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nbd (PTS)bullseye (security), bullseye1:3.21-1+deb11u1fixed
bookworm1:3.24-1.1fixed
sid, trixie1:3.26.1-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nbdsourcestretch1:3.15.2-3+deb9u1DLA-2944-1
nbdsourcebuster1:3.19-3+deb10u1DSA-5100-1
nbdsourcebullseye1:3.21-1+deb11u1DSA-5100-1
nbdsource(unstable)1:3.24-11006915

Notes

https://lists.debian.org/nbd/2022/01/msg00037.html

Search for package or bug name: Reporting problems