OESA-2025-1778

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1778

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1778.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2025-1778

Upstream

CVE-2025-47711

CVE-2025-47712

Published

2025-07-11T12:21:07Z

Modified

2025-09-03T06:31:34.993903Z

Summary

nbdkit security update

Details

NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. nbdkit is a toolkit for creating NBD servers. The key features are: * Multithreaded NBD server written in C with good performance. * Minimal dependencies for the basic server. * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or included in proprietary code. * Well-documented, simple plugin API with a stable ABI guarantee. Lets you export “unconventional” block devices easily. * You can write plugins in C, Lua, Perl, Python, OCaml, Ruby, Rust, shell script or Tcl. * Filters can be stacked in front of plugins to transform the output.

Security Fix(es):

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.(CVE-2025-47711)

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.(CVE-2025-47712)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / nbdkit

Package

Name: nbdkit
Purl: pkg:rpm/openEuler/nbdkit&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.29.11-2.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "nbdkit-bash-completion-1.29.11-2.oe2203sp4.noarch.rpm",
        "nbdkit-help-1.29.11-2.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "nbdkit-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-basic-filters-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-basic-plugins-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-debuginfo-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-debugsource-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-devel-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-guestfs-plugin-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-libvirt-plugin-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-ocaml-plugin-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-ocaml-plugin-devel-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-perl-plugin-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-plugins-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-python3-plugin-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-server-1.29.11-2.oe2203sp4.x86_64.rpm",
        "nbdkit-vddk-plugin-1.29.11-2.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "nbdkit-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-basic-filters-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-basic-plugins-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-debuginfo-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-debugsource-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-devel-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-guestfs-plugin-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-libvirt-plugin-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-ocaml-plugin-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-ocaml-plugin-devel-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-perl-plugin-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-plugins-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-python3-plugin-1.29.11-2.oe2203sp4.aarch64.rpm",
        "nbdkit-server-1.29.11-2.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "nbdkit-1.29.11-2.oe2203sp4.src.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2025-1778.json"