CVE-2025-47712 | THREATINT

Description

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

PUBLISHED Reserved 2025-05-07 | Published 2025-06-09 | Updated 2025-11-08 | Assigner redhat

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

Integer Overflow or Wraparound

Product status

Default status

unaffected

1.21.16 (semver) before 1.38.6

affected

1.40.0 (semver) before 1.40.6

affected

1.42.0 (semver) before 1.42.3

affected

Default status

affected

Default status

unknown

Default status

unknown

Default status

unknown

Default status

unknown

Default status

affected

Timeline

2025-05-12:	Reported to Red Hat.
2025-04-23:	Made public.

References

access.redhat.com/security/cve/CVE-2025-47712 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2365724 (RHBZ#2365724) issue-tracking

lists.libguestfs.org/...ad/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/

cve.org (CVE-2025-47712)

nvd.nist.gov (CVE-2025-47712)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu