rpm package
opensuse/nbdkit&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nbdkit&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47711 | — | < 1.42.3-1.1 | 1.42.3-1.1 | Jun 9, 2025 | There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical i | ||
| CVE-2025-47712 | — | < 1.42.3-1.1 | 1.42.3-1.1 | Jun 9, 2025 | A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of ser | ||
| CVE-2021-3716 | — | < 1.27.8-1.2 | 1.27.8-1.2 | Mar 2, 2022 | A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th |
- CVE-2025-47711Jun 9, 2025affected < 1.42.3-1.1fixed 1.42.3-1.1
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical i
- CVE-2025-47712Jun 9, 2025affected < 1.42.3-1.1fixed 1.42.3-1.1
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of ser
- CVE-2021-3716Mar 2, 2022affected < 1.27.8-1.2fixed 1.27.8-1.2
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th