Main Vulnerability Database SB2025071472

SB2025071472 - SUSE update for nbdkit

Published: July 14, 2025

Security Bulletin ID SB2025071472

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Off-by-one (CVE-ID: CVE-2025-47711)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to an off-by-one error handling responses from its plugins regarding the status of data blocks. A remote client can request for a very large data range to trigger an off-by-one error and crash the server.

2) Reachable assertion (CVE-ID: CVE-2025-47712)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the nbdkit "blocksize" filter. A remote client can request block status information for a very large data range, trigger an integer overflow and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202501889-1/

Vulnerable Software

Server Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.4 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
nbdkit-vddk-plugin: before 1.36.5-150400.3.9.1
nbdkit-vddk-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-bash-completion: before 1.36.5-150400.3.9.1
nbdkit-ssh-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-basic-filters: before 1.36.5-150400.3.9.1
nbdkit-tar-filter: before 1.36.5-150400.3.9.1
nbdkit-devel: before 1.36.5-150400.3.9.1
nbdkit-curl-plugin: before 1.36.5-150400.3.9.1
nbdkit-debugsource: before 1.36.5-150400.3.9.1
nbdkit-basic-filters-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-tmpdisk-plugin: before 1.36.5-150400.3.9.1
nbdkit: before 1.36.5-150400.3.9.1
nbdkit-python-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-linuxdisk-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-gzip-filter-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-curl-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-nbd-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-xz-filter-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-tar-filter-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-server-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-basic-plugins: before 1.36.5-150400.3.9.1
nbdkit-basic-plugins-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-ssh-plugin: before 1.36.5-150400.3.9.1
nbdkit-gzip-filter: before 1.36.5-150400.3.9.1
nbdkit-linuxdisk-plugin: before 1.36.5-150400.3.9.1
nbdkit-server: before 1.36.5-150400.3.9.1
nbdkit-nbd-plugin: before 1.36.5-150400.3.9.1
nbdkit-example-plugins-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-python-plugin: before 1.36.5-150400.3.9.1
nbdkit-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-tmpdisk-plugin-debuginfo: before 1.36.5-150400.3.9.1
nbdkit-xz-filter: before 1.36.5-150400.3.9.1
nbdkit-example-plugins: before 1.36.5-150400.3.9.1