CVE-2025-47711

Published: Jun 9, 2025Modified: Jan 8, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD (Secondary)

Description

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

Affected (6)

Products: Nbdkit Project: Nbdkit · Redhat: Enterprise Linux, Enterprise Linux Advanced Virtualization

1 product

2 products

Enterprise Linux Advanced Virtualization

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nbdkit Project Nbdkit	All versions

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 10.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0
Redhat Enterprise Linux Advanced Virtualization	Version 8.0

Related CWEs

CWE-193

Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References (2)

https://access.redhat.com/security/cve/CVE-2025-47711

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2365687

Source: secalert@redhat.com

Issue Tracking

Timeline

No history available yet.