PublicDateAtUSN: 2022-03-06 06:15:00 UTC
Candidate: CVE-2022-26495
PublicDate: 2022-03-06 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26495
 https://lists.debian.org/nbd/2022/01/msg00037.html
 https://sourceforge.net/projects/nbd/files/nbd/
 https://ubuntu.com/security/notices/USN-5323-1
Description:
 In nbd-server in nbd before 3.24, there is an integer overflow with a
 resultant heap-based buffer overflow. A value of 0xffffffff in the name
 length field will cause a zero-sized buffer to be allocated for the name,
 resulting in a write to a dangling pointer. This issue exists for the
 NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006915
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_nbd:
 upstream: https://sourceforge.net/p/nbd/code/ci/4e5c5d2ed71cc9c34559e5fbeeb7f390661e530c/
upstream_nbd: needs-triage
trusty/esm_nbd: needs-triage
esm-infra/xenial_nbd: needs-triage
trusty_nbd: ignored (out of standard support)
xenial_nbd: ignored (out of standard support)
bionic_nbd: released (1:3.16.2-1ubuntu0.2)
focal_nbd: released (1:3.20-1ubuntu0.1)
impish_nbd: released (1:3.21-1ubuntu0.1)
jammy_nbd: released (1:3.23-3ubuntu1)
devel_nbd: released (1:3.23-3ubuntu1)