Vulnerability Details : CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
Vulnerability category: Overflow
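The wraparound described above, as an added example that is not code from nbd or from this page. It assumes the name buffer is sized as the 32-bit length plus one terminator byte, which the description implies but does not show; `MAX_NAME_LEN`, the function names and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a constant taken from nbd. */
#define MAX_NAME_LEN 4096u

/* Size the unchecked pattern would request: the +1 for the NUL terminator
 * is done in 32-bit arithmetic, so 0xffffffff + 1 wraps to 0. */
uint32_t unchecked_alloc_size(uint32_t name_len) {
    return name_len + 1u;
}

/* Read a big-endian 32-bit length field from the wire. */
static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hardened parse of "4-byte length + name" from a received buffer.
 * Returns a NUL-terminated heap copy, or NULL if the field is rejected. */
char *parse_name_checked(const unsigned char *buf, size_t buf_len) {
    if (buf_len < 4) return NULL;              /* no room for the length field */
    uint32_t name_len = read_be32(buf);
    if (name_len > MAX_NAME_LEN) return NULL;  /* rejects 0xffffffff before any arithmetic */
    if ((size_t)name_len > buf_len - 4) return NULL; /* length exceeds data received */
    char *name = malloc((size_t)name_len + 1); /* cannot wrap: name_len <= MAX_NAME_LEN */
    if (name == NULL) return NULL;
    memcpy(name, buf + 4, name_len);
    name[name_len] = '\0';
    return name;
}

int main(void) {
    /* Constructed sample messages, not captured traffic. */
    const unsigned char good[] = {0, 0, 0, 4, 'd', 'i', 's', 'k'};
    const unsigned char bad[]  = {0xff, 0xff, 0xff, 0xff, 'x'};
    char *n = parse_name_checked(good, sizeof good);
    int ok = n != NULL && strcmp(n, "disk") == 0 &&
             parse_name_checked(bad, sizeof bad) == NULL &&
             unchecked_alloc_size(0xffffffffu) == 0;
    free(n);
    return ok ? 0 : 1;
}
```

The bound check runs before any arithmetic on the length, so the allocation size can no longer wrap regardless of which option message carries the name.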
Products affected by CVE-2022-26495
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:network_block_device_project:network_block_device:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-26495
- EPSS score: 0.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~78% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-26495
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-26495
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-26495
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/
  [SECURITY] Fedora 35 Update: nbd-3.24-1.fc35 - package-announce - Fedora Mailing-Lists
- https://sourceforge.net/projects/nbd/files/nbd/
  Network Block Device - Browse /nbd at SourceForge.net (Product; Release Notes; Third Party Advisory)
- https://security.gentoo.org/glsa/202402-10
  NBD Tools: Multiple Vulnerabilities (GLSA 202402-10) — Gentoo security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/
  [SECURITY] Fedora 36 Update: nbd-3.24-1.fc36 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/
  [SECURITY] Fedora 34 Update: nbd-3.24-1.fc34 - package-announce - Fedora Mailing-Lists (Issue Tracking; Third Party Advisory)
- https://lists.debian.org/nbd/2022/01/msg00037.html
  report security problem of nbd (Exploit; Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F/
  [SECURITY] Fedora 36 Update: nbd-3.24-1.fc36 - package-announce - Fedora Mailing-Lists (Issue Tracking; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html
  [SECURITY] [DLA 2944-1] nbd security update (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA/
  [SECURITY] Fedora 34 Update: nbd-3.24-1.fc34 - package-announce - Fedora Mailing-Lists
- https://www.debian.org/security/2022/dsa-5100
  Debian -- Security Information -- DSA-5100-1 nbd (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5/
  [SECURITY] Fedora 35 Update: nbd-3.24-1.fc35 - package-announce - Fedora Mailing-Lists (Issue Tracking; Third Party Advisory)