CVE-2022-26496: In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
CVE-2022-26495: In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
https://lists.debian.org/nbd/2022/01/msg00036.html
https://lists.debian.org/nbd/2022/01/msg00037.html
Seems like there's an incorrect patch attached.
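An added example, not code from nbd or from this bug report: a C illustration of the name-length handling that both CVE descriptions above turn on, with the wrapping arithmetic beside a bounded parser. It assumes the zero-sized allocation comes from a 32-bit "length + 1" computation; MAX_NAME_LEN, the function names and the sample payloads are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_LEN 4096u /* assumed cap on the export name for this example */

/* Flawed arithmetic (assumed shape of the bug): a 32-bit "length + 1" for the
 * NUL terminator wraps to 0 when the wire value is 0xffffffff. */
uint32_t alloc_size_unchecked(uint32_t namelen) {
    return namelen + 1u;
}

/* Hypothetical hardened parser for a constructed option payload:
 * 4-byte big-endian name length followed by the name bytes.
 * Returns a malloc'd NUL-terminated copy, or NULL if the length is rejected. */
char *parse_name_checked(const uint8_t *buf, size_t buflen) {
    if (buf == NULL || buflen < 4)
        return NULL;
    uint32_t namelen = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                       ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (namelen > MAX_NAME_LEN)         /* bound the value before any arithmetic */
        return NULL;
    if ((size_t)namelen > buflen - 4)   /* name must fit in the bytes received */
        return NULL;
    char *name = malloc((size_t)namelen + 1); /* bounded above, cannot wrap */
    if (name == NULL)
        return NULL;
    memcpy(name, buf + 4, namelen);
    name[namelen] = '\0';
    return name;
}

int main(void) {
    /* Constructed payloads: a 4-byte name, and the 0xffffffff length. */
    const uint8_t ok[] = {0, 0, 0, 4, 'd', 'i', 's', 'k'};
    const uint8_t wrap[] = {0xff, 0xff, 0xff, 0xff};
    char *n = parse_name_checked(ok, sizeof ok);
    int pass = n != NULL && strcmp(n, "disk") == 0 &&
               parse_name_checked(wrap, sizeof wrap) == NULL &&
               alloc_size_unchecked(0xffffffffu) == 0;
    free(n);
    return pass ? 0 : 1;
}
```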
3.24 is released. https://github.com/NetworkBlockDevice/nbd/releases/tag/nbd-3.24 Seems to have commits for both issues.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8a350785778feb0ced49ff5077174e0ea10c195
commit c8a350785778feb0ced49ff5077174e0ea10c195
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-06-01 00:39:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-06-01 01:25:09 +0000
    sys-block/nbd: add 3.24
    Bug: https://bugs.gentoo.org/834678
    Signed-off-by: Sam James <sam@gentoo.org>
 sys-block/nbd/Manifest | 1 +
 sys-block/nbd/nbd-3.24.ebuild | 75 +++++++++++++++++++++++++++++++++++++++++++
 sys-block/nbd/nbd-9999.ebuild | 22 +++++++++----
 3 files changed, 91 insertions(+), 7 deletions(-)
Ping. Please clean up nbd-3.21-r1.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cc52c11f0603780dceb1535d8620ee91b858f83
commit 0cc52c11f0603780dceb1535d8620ee91b858f83
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-12-28 04:04:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-12-28 04:04:58 +0000
    sys-block/nbd: drop 3.21-r1, 3.24
    Bug: https://bugs.gentoo.org/834678
    Signed-off-by: Sam James <sam@gentoo.org>
 sys-block/nbd/Manifest | 2 --
 sys-block/nbd/nbd-3.21-r1.ebuild | 67 ----------------------------------
 sys-block/nbd/nbd-3.24.ebuild | 77 ----------------------------------------
 3 files changed, 146 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=c7a3936d7b9a6b4a836663710ca581880d4d5130
commit c7a3936d7b9a6b4a836663710ca581880d4d5130
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 09:45:27 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 09:45:50 +0000
    [ GLSA 202402-10 ] NBD Tools: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/834678
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202402-10.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)