{"schema_version":"1.7.2","id":"OESA-2025-1778","modified":"2025-07-11T12:21:07Z","published":"2025-07-11T12:21:07Z","upstream":["CVE-2025-47711","CVE-2025-47712"],"summary":"nbdkit security update","details":"NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. nbdkit is a toolkit for creating NBD servers. The key features are:  * Multithreaded NBD server written in C with good performance.  * Minimal dependencies for the basic server.  * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or included in proprietary code.  * Well-documented, simple plugin API with a stable ABI guarantee. Lets you export “unconventional”    block devices easily.  * You can write plugins in C, Lua, Perl, Python, OCaml, Ruby, Rust, shell script or Tcl.  * Filters can be stacked in front of plugins to transform the output.\r\n\r\nSecurity Fix(es):\n\nThere\u0026apos;s a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.(CVE-2025-47711)\n\nA flaw exists in the nbdkit \u0026quot;blocksize\u0026quot; filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.(CVE-2025-47712)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"nbdkit","purl":"pkg:rpm/openEuler/nbdkit\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.29.11-2.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["nbdkit-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-basic-filters-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-basic-plugins-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-debuginfo-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-debugsource-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-devel-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-guestfs-plugin-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-libvirt-plugin-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-ocaml-plugin-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-ocaml-plugin-devel-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-perl-plugin-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-plugins-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-python3-plugin-1.29.11-2.oe2203sp4.aarch64.rpm","nbdkit-server-1.29.11-2.oe2203sp4.aarch64.rpm"],"noarch":["nbdkit-bash-completion-1.29.11-2.oe2203sp4.noarch.rpm","nbdkit-help-1.29.11-2.oe2203sp4.noarch.rpm"],"src":["nbdkit-1.29.11-2.oe2203sp4.src.rpm"],"x86_64":["nbdkit-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-basic-filters-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-basic-plugins-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-debuginfo-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-debugsource-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-devel-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-guestfs-plugin-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-libvirt-plugin-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-ocaml-plugin-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-ocaml-plugin-devel-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-perl-plugin-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-plugins-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-python3-plugin-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-server-1.29.11-2.oe2203sp4.x86_64.rpm","nbdkit-vddk-plugin-1.29.11-2.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1778"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47711"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47712"}],"database_specific":{"severity":"Medium"}}