rpm package
opensuse/libnbd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libnbd&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14946 | Med | 4.8 | < 1.24.0-2.1 | 1.24.0-2.1 | Dec 19, 2025 | A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure | |
| CVE-2024-7383 | Hig | 7.4 | < 1.20.2-1.1 | 1.20.2-1.1 | Aug 5, 2024 | A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. | |
| CVE-2023-5871 | — | < 1.18.1-2.1 | 1.18.1-2.1 | Nov 27, 2023 | A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. | ||
| CVE-2023-5215 | — | < 1.18.0-1.1 | 1.18.0-1.1 | Sep 28, 2023 | A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_g | ||
| CVE-2022-0485 | — | < 1.10.4-1.1 | 1.10.4-1.1 | Aug 29, 2022 | A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the | ||
| CVE-2021-20286 | — | < 1.9.3-1.2 | 1.9.3-1.2 | Mar 15, 2021 | A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. |
- affected < 1.24.0-2.1fixed 1.24.0-2.1
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure
- affected < 1.20.2-1.1fixed 1.20.2-1.1
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
- CVE-2023-5871Nov 27, 2023affected < 1.18.1-2.1fixed 1.18.1-2.1
A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
- CVE-2023-5215Sep 28, 2023affected < 1.18.0-1.1fixed 1.18.0-1.1
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_g
- CVE-2022-0485Aug 29, 2022affected < 1.10.4-1.1fixed 1.10.4-1.1
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the
- CVE-2021-20286Mar 15, 2021affected < 1.9.3-1.2fixed 1.9.3-1.2
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.