CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-47712
https://bugzilla.redhat.com/show_bug.cgi?id=2365724
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/

Configurations

No configuration.

History

29 Jul 2025, 19:15

Type	Values Removed	Values Added
References		() https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ -
Summary		(es) Existe una falla en el filtro "blocksize" de nbdkit que puede activarse con un tipo específico de solicitud de cliente. Cuando un cliente solicita información sobre el estado del bloque para un rango de datos muy grande, superando cierto límite, se produce un error interno en nbdkit, lo que provoca una denegación de servicio.

09 Jun 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-09 06:15

Updated : 2025-07-29 19:15

NVD link : CVE-2025-47712

Mitre link : CVE-2025-47712

CVE.ORG link : CVE-2025-47712

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

4.3 /10