CVE-2023-5215 - OpenCVE

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Libnbd

Configuration 1 [-]

OR	cpe:2.3:a:redhat:libnbd::::::::
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2204
https://access.redhat.com/security/cve/CVE-2023-5215	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2241041	Issue Tracking Vendor Advisory
https://listman.redhat.com/archives/libguestfs/2023-September/032635.html	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-28T13:55:32.462Z

Updated: 2024-05-01T20:21:22.207Z

Reserved: 2023-09-26T21:54:47.184Z

Link: CVE-2023-5215

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-28T14:15:26.117

Modified: 2024-04-30T14:15:11.137

Link: CVE-2023-5215

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5215", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-09-26T21:54:47.184Z", "datePublished": "2023-09-28T13:55:32.462Z", "dateUpdated": "2024-05-01T20:21:22.207Z"}, "containers": {"cna": {"title": "Libnbd: crash or misbehaviour when nbd server returns an unexpected block size", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libnbd", "defaultStatus": "affected", "versions": [{"version": "0:1.18.1-3.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:rhel/libnbd", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:av/libnbd", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_virtualization:8::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt-devel:av/libnbd", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_virtualization:8::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2204", "name": "RHSA-2024:2204", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5215", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241041", "name": "RHBZ#2241041", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://listman.redhat.com/archives/libguestfs/2023-September/032635.html"}], "datePublic": "2023-09-21T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-241", "description": "Improper Handling of Unexpected Data Type", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-241: Improper Handling of Unexpected Data Type", "timeline": [{"lang": "en", "time": "2023-09-21T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-21T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-01T20:21:22.207Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F80CC2D-BE95-4150-A78B-0C12345CCC87", "versionEndExcluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libnbd. Un servidor puede responder con un tama\u00f1o de bloque mayor que 2^63 (la especificaci\u00f3n NBD establece que el tama\u00f1o es un valor sin signo de 64 bits). Este problema podr\u00eda provocar un bloqueo de la aplicaci\u00f3n u otro comportamiento no deseado para los clientes NBD que no traten correctamente el valor de retorno de la funci\u00f3n nbd_get_size()."}], "id": "CVE-2023-5215", "lastModified": "2024-04-30T14:15:11.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-28T14:15:26.117", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2204"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5215"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241041"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://listman.redhat.com/archives/libguestfs/2023-September/032635.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-241"}], "source": "secalert@redhat.com", "type": "Secondary"}]}