DEBIAN-CVE-2023-5215

DEBIAN-CVE-2023-5215 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	libnbd	1.12.7-1, 1.10.2-1, 1.10.3-1
Debian:12	libnbd	1.16.5-1, 1.18.0-1, 1.24.1-1
Debian:13	libnbd	0, 0, 0
Debian:14	libnbd	0, 0, 0

Timeline

Sep 28, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-5215 advisory

Open in Interactive Console →