VDB
CVE-2022-26496
CVE-2022-26496
PUBLISHED
CVSS 7.5 HIGH
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
EPSS 0.42% · 62.3th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
0.42%
62.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| network_block_device_project | network_block_device | 0 |
| debian | debian_linux | 10.0, 11.0 |
| n/a | n/a | n/a |
| fedoraproject | fedora | 36, 34, 35 |
Timeline
- Mar 6, 2022 CVE Published
- Mar 6, 2022 EPSS Score
- Apr 26, 2022 EPSS Score
- Aug 8, 2022 EPSS Score
- Sep 29, 2022 EPSS Score
- Nov 19, 2022 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 24, 2023 EPSS Score
- Nov 15, 2023 EPSS Score
References
- https://lists.debian.org/nbd/2022/01/msg00037.html url
- https://sourceforge.net/projects/nbd/files/nbd/ url
- https://lists.debian.org/nbd/2022/01/msg00036.html url
- DSA-5100 vendor-advisory
- FEDORA-2022-62adf9a1e0 vendor-advisory
- FEDORA-2022-807e431d5f vendor-advisory
- FEDORA-2022-263873fb70 vendor-advisory
- http://packetstormsecurity.com/files/172148/Shannon-Baseband-fmtp-SDP-Attribute-Memory-Corruption.html url
- GLSA-202402-10 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-26496 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 url
- https://sourceforge.net/projects/nbd/files/nbd url