Vulnerabilities > CVE-2023-5871 - Reachable Assertion vulnerability in Redhat Enterprise Linux and Libnbd

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

redhat

CWE-617

NVD

Published: 2023-11-27

Updated: 2024-04-30

Summary

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 9.0	1
Application	Redhat Redhat Libnbd 1.17.4 Redhat Libnbd 1.17.5 Redhat Libnbd 1.18.0 Redhat Libnbd 1.18.1 Redhat Libnbd 1.19.1	5

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://access.redhat.com/security/cve/CVE-2023-5871
https://bugzilla.redhat.com/show_bug.cgi?id=2247308
https://lists.libguestfs.org/archives/list/[email protected]/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/
https://access.redhat.com/errata/RHSA-2024:2204