Skip to content

Latest commit

 

History

History
54 lines (33 loc) · 1.34 KB

libnbd-security.pod

File metadata and controls

54 lines (33 loc) · 1.34 KB

NAME

libnbd-security - information about past security issues in libnbd

DESCRIPTION

This page details past security issues found in libnbd.

For how to report new security issues, see the SECURITY file in the top level source directory, also available online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY

CVE-2019-14842 protocol downgrade attack when using LIBNBD_TLS_REQUIRE

See the full announcement and links to mitigation, tests and fixes here: https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html

remote code execution vulnerability

See the full announcement here: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html

CVE-2021-20286 denial of service when using nbd_set_opt_mode(3)

See the full announcement here: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html

CVE-2022-0485 silent data corruption when using nbdcopy(1)

See the full announcement here: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html

integration testing denial of service with block status

See the full announcement here: https://www.redhat.com/archives/libguestfs/2023-July/032035.html

SEE ALSO

libnbd(3).

AUTHORS

Eric Blake

Richard W.M. Jones

COPYRIGHT

Copyright Red Hat