{"id":"OESA-2025-1779","summary":"nbdkit security update","details":"NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. nbdkit is a toolkit for creating NBD servers. The key features are:  * Multithreaded NBD server written in C with good performance.  * Minimal dependencies for the basic server.  * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or included in proprietary code.  * Well-documented, simple plugin API with a stable ABI guarantee. Lets you export “unconventional”    block devices easily.  * You can write plugins in C, Lua, Perl, Python, OCaml, Ruby, Rust, shell script or Tcl.  * Filters can be stacked in front of plugins to transform the output.\r\n\r\nSecurity Fix(es):\n\nThere's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.(CVE-2025-47711)\n\nA flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.(CVE-2025-47712)","modified":"2025-09-03T06:31:35.057813Z","published":"2025-07-11T12:21:09Z","upstream":["CVE-2025-47711","CVE-2025-47712"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1779"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47711"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47712"}],"affected":[{"package":{"name":"nbdkit","ecosystem":"openEuler:24.03-LTS","purl":"pkg:rpm/openEuler/nbdkit&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.32.6-2.oe2403"}]}],"ecosystem_specific":{"noarch":["nbdkit-bash-completion-1.32.6-2.oe2403.noarch.rpm","nbdkit-help-1.32.6-2.oe2403.noarch.rpm"],"aarch64":["nbdkit-1.32.6-2.oe2403.aarch64.rpm","nbdkit-basic-filters-1.32.6-2.oe2403.aarch64.rpm","nbdkit-basic-plugins-1.32.6-2.oe2403.aarch64.rpm","nbdkit-debuginfo-1.32.6-2.oe2403.aarch64.rpm","nbdkit-debugsource-1.32.6-2.oe2403.aarch64.rpm","nbdkit-devel-1.32.6-2.oe2403.aarch64.rpm","nbdkit-guestfs-plugin-1.32.6-2.oe2403.aarch64.rpm","nbdkit-libvirt-plugin-1.32.6-2.oe2403.aarch64.rpm","nbdkit-ocaml-plugin-1.32.6-2.oe2403.aarch64.rpm","nbdkit-ocaml-plugin-devel-1.32.6-2.oe2403.aarch64.rpm","nbdkit-perl-plugin-1.32.6-2.oe2403.aarch64.rpm","nbdkit-plugins-1.32.6-2.oe2403.aarch64.rpm","nbdkit-python3-plugin-1.32.6-2.oe2403.aarch64.rpm","nbdkit-server-1.32.6-2.oe2403.aarch64.rpm"],"src":["nbdkit-1.32.6-2.oe2403.src.rpm"],"x86_64":["nbdkit-1.32.6-2.oe2403.x86_64.rpm","nbdkit-basic-filters-1.32.6-2.oe2403.x86_64.rpm","nbdkit-basic-plugins-1.32.6-2.oe2403.x86_64.rpm","nbdkit-debuginfo-1.32.6-2.oe2403.x86_64.rpm","nbdkit-debugsource-1.32.6-2.oe2403.x86_64.rpm","nbdkit-devel-1.32.6-2.oe2403.x86_64.rpm","nbdkit-guestfs-plugin-1.32.6-2.oe2403.x86_64.rpm","nbdkit-libvirt-plugin-1.32.6-2.oe2403.x86_64.rpm","nbdkit-ocaml-plugin-1.32.6-2.oe2403.x86_64.rpm","nbdkit-ocaml-plugin-devel-1.32.6-2.oe2403.x86_64.rpm","nbdkit-perl-plugin-1.32.6-2.oe2403.x86_64.rpm","nbdkit-plugins-1.32.6-2.oe2403.x86_64.rpm","nbdkit-python3-plugin-1.32.6-2.oe2403.x86_64.rpm","nbdkit-server-1.32.6-2.oe2403.x86_64.rpm","nbdkit-vddk-plugin-1.32.6-2.oe2403.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2025-1779.json"}}],"schema_version":"1.7.3"}