fkie_cve-2025-47711
Vulnerability from fkie_nvd
Published
2025-06-09 06:15
Modified
2025-06-09 12:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-47711
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2365687
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There\u0027s a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service."
    },
    {
      "lang": "es",
      "value": "Existe una falla en el servidor nbdkit al gestionar las respuestas de sus complementos sobre el estado de los bloques de datos. Si un cliente realiza una solicitud espec\u00edfica para un rango de datos muy grande y un complemento responde con un bloque a\u00fan mayor, el servidor nbdkit puede encontrar un error interno cr\u00edtico que provoque una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2025-47711",
  "lastModified": "2025-06-09T12:15:47.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-09T06:15:25.320",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-47711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365687"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.