CVE-2022-0485
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-0485
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0485.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0485
- Downstream
- Related
- Published
- 2022-08-29T15:15:09Z
- Modified
- 2025-10-31T18:57:05.454147Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the copying tool
nbdcopyof libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. - References
-
- https://access.redhat.com/security/cve/CVE-2022-0485
- https://bugzilla.redhat.com/show_bug.cgi?id=2046194
- https://bugzilla.redhat.com/show_bug.cgi?id=2050324
- https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb
- https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
Affected packages
Git / github.com/libguestfs/libnbd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libguestfs/libnbd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.10.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.2.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
Git / gitlab.com/nbdkit/libnbd
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/nbdkit/libnbd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.10.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.2.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "140753532197270880249282402125928125200",
"length": 246.0
},
"target": {
"function": "free_command",
"file": "copy/multi-thread-copying.c"
},
"id": "CVE-2022-0485-09b5d2a6",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "174743253629256537080148798967245715228",
"length": 331.0
},
"target": {
"function": "file_asynch_zero",
"file": "copy/file-ops.c"
},
"id": "CVE-2022-0485-1cd1b2d4",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "296522027796039040246861898769837897650",
"length": 1513.0
},
"target": {
"function": "finished_read",
"file": "copy/multi-thread-copying.c"
},
"id": "CVE-2022-0485-667a8a85",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "65940939133033851419285668712397775335",
"length": 303.0
},
"target": {
"function": "file_asynch_write",
"file": "copy/file-ops.c"
},
"id": "CVE-2022-0485-74a12645",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "61187966151078355124737797675323953502",
"length": 211.0
},
"target": {
"function": "null_asynch_write",
"file": "copy/null-ops.c"
},
"id": "CVE-2022-0485-778e2813",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "65940939133033851419285668712397775335",
"length": 303.0
},
"target": {
"function": "file_asynch_read",
"file": "copy/file-ops.c"
},
"id": "CVE-2022-0485-8337563d",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"245443681764850148070195278450231387179",
"99447371129016312061907112603345243209",
"46546684944686530926987258321760356204",
"301928923822696319653025175800594342473",
"296847346053776932475829062150126703913",
"131572299419535312639726735367569959161",
"27397099661772594302585512618426456249",
"1412462091485739934124052895724898278",
"186819742450962135790420196095505673865",
"27063293043488776432129355591322507053"
],
"threshold": 0.9
},
"target": {
"file": "copy/multi-thread-copying.c"
},
"id": "CVE-2022-0485-bfb9b9dd",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"7221645883676583427374079500462987128",
"41843444484117998780555563481246890434",
"11507800956564313871455185068583299565",
"65347125755755945877845493538453389765",
"225943733830841169222739559397432080432",
"17974783946504134748147358398950682551",
"112567878137827726796969151434252514102",
"113481492128060038848161315137532015481",
"94508799648681293795543082899406270221",
"11507800956564313871455185068583299565",
"65347125755755945877845493538453389765",
"225943733830841169222739559397432080432",
"117594744608198626962493634889281765419",
"88032169294742916354966643864685963770",
"321120410725573947380476422206252571464",
"181054683348875895529563301360291401679",
"74358511777962735407994333081457612885",
"65347125755755945877845493538453389765",
"120527324807618009280075744336953539757",
"202813863166090165352494322044591414524",
"215515013894404426382886170142396362245"
],
"threshold": 0.9
},
"target": {
"file": "copy/file-ops.c"
},
"id": "CVE-2022-0485-d9f2fe6b",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"47515792989108032892124465534087217578",
"11952043217047517239172753288132336829",
"230410012512729402974309356509945439641",
"65347125755755945877845493538453389765",
"225943733830841169222739559397432080432",
"117594744608198626962493634889281765419",
"254034515504305195934222221736803215878",
"192568139869729283432592935158013218042",
"11952043217047517239172753288132336829",
"230410012512729402974309356509945439641",
"65347125755755945877845493538453389765",
"120527324807618009280075744336953539757",
"202813863166090165352494322044591414524",
"215515013894404426382886170142396362245"
],
"threshold": 0.9
},
"target": {
"file": "copy/null-ops.c"
},
"id": "CVE-2022-0485-da4ee8c4",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "300585236970930192472376929530623935977",
"length": 239.0
},
"target": {
"function": "null_asynch_zero",
"file": "copy/null-ops.c"
},
"id": "CVE-2022-0485-fb2046de",
"source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
"signature_type": "Function"
}
]