[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [BUG] nbd-server: Remote stack-based buffer overflow


Thanks; sorry for the delay.

On Sun, Jan 23, 2022 at 02:10:18PM +0000, Dialluvioso wrote:
>    There is a remote exploitable stack-based buffer overflow in line 2299
>    `handle_info` (`nbd-server.c`), fields `len` and `namelen` aren't properly
>    checked therefore `socked_read` will overflow local buffer `buf` (max size
>    1024 bytes).
>    For reproducing the issue, you only need to perform the negotiation of the
>    protocol and send a `NB_OPT_INFO` or `NBD_OPT_GO` request with a malformed
>    `len`.

This is now CVE-2022-26496, and has been fixed on git master (I will
release a new NBD package later today).


Reply to: