VDB
CVE-2022-26495
CVE-2022-26495
PUBLISHED
CVSS 7.5 HIGH
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
EPSS 0.19% · 40.0th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
0.19%
40.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 35, 36, 34 |
| network_block_device_project | network_block_device | 0 |
| n/a | n/a | * |
| debian | debian_linux | 10.0, 11.0, 9.0 |
Timeline
- Mar 6, 2022 CVE Published
- Mar 6, 2022 EPSS Score
- Apr 26, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Sep 29, 2022 EPSS Score
- Nov 19, 2022 EPSS Score
- Jan 10, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 24, 2023 EPSS Score
References
- https://lists.debian.org/nbd/2022/01/msg00037.html url
- https://sourceforge.net/projects/nbd/files/nbd/ url
- [debian-lts-announce] 20220310 [SECURITY] [DLA 2944-1] nbd security update mailing-list
- DSA-5100 vendor-advisory
- FEDORA-2022-62adf9a1e0 vendor-advisory
- FEDORA-2022-807e431d5f vendor-advisory
- FEDORA-2022-263873fb70 vendor-advisory
- GLSA-202402-10 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-26495 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 url
- https://sourceforge.net/projects/nbd/files/nbd url