CVE-2022-26496

Published: Mar 6, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://lists.debian.org/nbd/2022/01/msg00037.html

https://sourceforge.net/projects/nbd/files/nbd/

https://lists.debian.org/nbd/2022/01/msg00036.html

DSA-5100

vendor-advisory

FEDORA-2022-62adf9a1e0

vendor-advisory

FEDORA-2022-807e431d5f

vendor-advisory

FEDORA-2022-263873fb70

vendor-advisory

http://packetstormsecurity.com/files/172148/Shannon-Baseband-fmtp-SDP-Attribute-Memory-Corruption.html

GLSA-202402-10

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-26496

Description

Affected Products

References