Vulnerability Details : CVE-2023-5871
A flaw was found in libnbd that can be triggered by a malicious Network Block Device (NBD) server. NBD is a protocol for accessing block devices such as hard disks over a network. This issue may allow a malicious NBD server to cause a denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2023-5871
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libnbd:1.19.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5871
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5871
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2023-5871
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: secalert@redhat.com (Secondary)
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary), secalert@redhat.com (Secondary)
- The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2023-5871
- https://access.redhat.com/errata/RHSA-2024:2204
  RHSA-2024:2204 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=2247308
  2247308 – (CVE-2023-5871) CVE-2023-5871 libnbd: A malicious NBD server may crash libnbd (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2023-5871
  CVE-2023-5871 - Red Hat Customer Portal (Vendor Advisory)
- https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/
  LIBNBD SECURITY: Assertion failure in nbd_block_status() - Libguestfs - Libguestfs List Archives (Mailing List; Patch)