VDB

GCVE-110-MAGEIA-2022-403

GCVE-110-MAGEIA-2022-403
Advisory Published
Vulnetix · Advisory published November 1, 2022
It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer (CVE-2022-26495). Stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. (CVE-2022-26496) Packaging has been adjusted to create the required nbd user and group at installation.

Affected Products

VendorProductVersionsPlatforms
Mageianbd0 (affected), 3.24-1.2.mga8 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›