This page details past security issues found in libnbd.
For how to report new security issues, see the
SECURITY file in the top level source directory, also available online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY
CVE-2019-14842 protocol downgrade attack when using LIBNBD_TLS_REQUIRE
See the full announcement and links to mitigation, tests and fixes here: https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html
remote code execution vulnerability
See the full announcement here: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
CVE-2021-20286 denial of service when using nbd_set_opt_mode(3)
See the full announcement here: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html
CVE-2022-0485 silent data corruption when using nbdcopy(1)
See the full announcement here: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
Richard W.M. Jones
Copyright (C) 2019-2022 Red Hat Inc.
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
libnbd(3), libnbd-release-notes-1.10(1), libnbd-release-notes-1.12(1), libnbd-release-notes-1.14(1), libnbd-release-notes-1.2(1), libnbd-release-notes-1.4(1), libnbd-release-notes-1.6(1), libnbd-release-notes-1.8(1), NBD(3), nbd_set_pread_initialize(3), nbdsh(1).