CVE-2011-0530

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.

Desbordamiento de búfer en la función mainloop en NBD-server.c en Network Block Device (nbd) antes de v2.9.20 podría permitir a atacantes remotos ejecutar código de su elección a través de una solicitud extensa. NOTA: este problema existe debido a una regresión CVE-2005-3534.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-01-20 CVE Reserved
2011-02-22 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (17)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187	X_refsource_confirm
http://secunia.com/advisories/43610	Third Party Advisory
http://www.securityfocus.com/bid/46572	Vdb Entry
http://www.vupen.com/english/advisories/2011/0582	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/65720	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html	2017-08-17
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html	2017-08-17
http://openwall.com/lists/oss-security/2011/01/28/3	2017-08-17
http://openwall.com/lists/oss-security/2011/01/31/7	2017-08-17
https://bugzilla.redhat.com/show_bug.cgi?id=673562	2017-08-17
https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8	2017-08-17

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	2017-08-17
http://secunia.com/advisories/43353	2017-08-17
http://security.gentoo.org/glsa/glsa-201206-35.xml	2017-08-17
http://www.debian.org/security/2011/dsa-2183	2017-08-17
http://www.vupen.com/english/advisories/2011/0403	2017-08-17
https://hermes.opensuse.org/messages/8086846	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				<= 2.9.19 Search vendor "Wouter Verhelst" for product "Nbd" and version " <= 2.9.19"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.0 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.0"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.1 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.1"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.2 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.2"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.3 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.3"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.4 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.4"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.5 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.5"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.6 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.6"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.7 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.7"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.8 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.8"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.9 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.9"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.10 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.10"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.11 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.11"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.12 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.12"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.13 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.13"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.14 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.14"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.15 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.15"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.16 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.16"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.17 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.17"		-		Affected
Wouter Verhelst Search vendor "Wouter Verhelst"		Nbd Search vendor "Wouter Verhelst" for product "Nbd"				2.9.18 Search vendor "Wouter Verhelst" for product "Nbd" and version "2.9.18"		-		Affected