CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5871 – Libnbd: malicious nbd server may crash libnbd
https://notcve.org/view.php?id=CVE-2023-5871
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. Se encontró una falla en libnbd debido a un Network Block Device (NBD) malicioso, un protocolo para acceder a dispositivos de bloque, como discos duros, a través de una red. Este problema puede permitir que un servidor NBD malintencionado provoque una Denegación de Servicio. • https://access.redhat.com/errata/RHSA-2024:2204 https://access.redhat.com/security/cve/CVE-2023-5871 https://bugzilla.redhat.com/show_bug.cgi?id=2247308 https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-5215 – Libnbd: crash or misbehaviour when nbd server returns an unexpected block size
https://notcve.org/view.php?id=CVE-2023-5215
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly. Se encontró una falla en libnbd. Un servidor puede responder con un tamaño de bloque mayor que 2^63 (la especificación NBD establece que el tamaño es un valor sin signo de 64 bits). • https://access.redhat.com/errata/RHSA-2024:2204 https://access.redhat.com/security/cve/CVE-2023-5215 https://bugzilla.redhat.com/show_bug.cgi?id=2241041 https://listman.redhat.com/archives/libguestfs/2023-September/032635.html • CWE-241: Improper Handling of Unexpected Data Type CWE-252: Unchecked Return Value •