
CVE-2025-47711: Off-by-one Error

Medium
Published: Mon Jun 09 2025 (06/09/2025, 06:03:47 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

AI-Powered Analysis

Last updated: 07/30/2025, 00:38:57 UTC

Technical Analysis

CVE-2025-47711 is a medium-severity vulnerability in the nbdkit server, a network block device server commonly used in virtualization and storage environments. The flaw is an off-by-one error in how nbdkit handles responses from its plugins concerning the status of data blocks. When a client issues a request for a very large data range and the plugin responds with an even larger single data block, the nbdkit server fails to process the response correctly. This triggers a critical internal error that causes the server to crash or become unresponsive, resulting in a denial-of-service (DoS) condition.

The vulnerability affects multiple versions of nbdkit, including 1.11.10, 1.40.0, and 1.42.0, and is present in Red Hat Enterprise Linux 10 distributions that include these versions. The CVSS v3.1 base score is 4.3 (medium). The vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and a low availability impact (A:L). No known exploits are currently in the wild, and no patches or mitigations have been explicitly linked yet. The vulnerability primarily impacts availability: under specific malformed plugin responses the nbdkit server crashes, which could disrupt storage services that rely on nbdkit for block device access.

Potential Impact

For European organizations, especially those operating virtualized environments or cloud infrastructure relying on Red Hat Enterprise Linux 10 with nbdkit, this vulnerability poses a risk of service disruption. The denial-of-service condition could interrupt access to critical storage volumes, affecting applications, databases, and virtual machines dependent on network block devices. This can lead to downtime, operational delays, and potential financial losses. While the vulnerability does not expose data confidentiality or integrity risks, the availability impact can be significant in environments requiring high uptime and reliability, such as financial institutions, healthcare providers, and critical infrastructure operators. Additionally, since exploitation requires low privileges but no user interaction, an attacker with limited access could trigger the DoS remotely, increasing the threat surface. The absence of known exploits reduces immediate risk, but the medium severity rating and the potential for disruption warrant proactive mitigation.

Mitigation Recommendations

Organizations should prioritize updating nbdkit to versions where this vulnerability is fixed once patches are released by Red Hat or the nbdkit maintainers. In the interim, administrators should monitor nbdkit server logs for unusual plugin responses or crashes and consider restricting network access to the nbdkit service to trusted clients only, minimizing exposure to untrusted users. Implementing network segmentation and firewall rules to limit access to the nbdkit server can reduce the attack surface. Additionally, reviewing and validating plugin behavior to ensure they do not respond with data blocks larger than requested can help prevent triggering the flaw. Regular backups and high-availability configurations can mitigate the impact of potential service disruptions. Finally, staying informed through Red Hat security advisories and subscribing to vulnerability notifications will ensure timely application of fixes.
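The plugin-side check recommended above, as an added example that is not nbdkit code and not part of the original record: a C helper that clamps a plugin-reported block to the client's requested range using overflow-safe arithmetic. The `struct extent` type, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example; not nbdkit's own structure. */
struct extent {
    uint64_t offset;   /* first byte the plugin describes */
    uint64_t length;   /* number of bytes the plugin describes */
};

/* Clamp a plugin-reported extent to the request [req_off, req_off + req_len).
 * Returns false when the extent is unusable: empty, wrapping past 2^64,
 * or not overlapping the request at all. */
bool clamp_extent(struct extent *e, uint64_t req_off, uint64_t req_len)
{
    if (req_len == 0 || e->length == 0)
        return false;
    /* Check for wrap-around before computing either end. */
    if (req_len > UINT64_MAX - req_off || e->length > UINT64_MAX - e->offset)
        return false;

    uint64_t req_end = req_off + req_len;       /* exclusive */
    uint64_t ext_end = e->offset + e->length;   /* exclusive */
    if (ext_end <= req_off || e->offset >= req_end)
        return false;

    uint64_t start = e->offset > req_off ? e->offset : req_off;
    uint64_t end = ext_end < req_end ? ext_end : req_end;
    e->offset = start;
    e->length = end - start;
    return true;
}

/* Convenience wrapper: clamped length, or 0 if the extent is rejected. */
uint64_t clamped_length(uint64_t ext_off, uint64_t ext_len,
                        uint64_t req_off, uint64_t req_len)
{
    struct extent e = { ext_off, ext_len };
    return clamp_extent(&e, req_off, req_len) ? e.length : 0;
}

int main(void)
{
    /* Constructed values: a request just under 4 GiB answered by one 8 GiB block. */
    uint64_t got = clamped_length(0, UINT64_C(0x200000000), 0, UINT64_C(0xFFFFFFFE));
    printf("clamped length: %llu\n", (unsigned long long)got);
    return 0;
}
```

The end offsets are kept exclusive throughout, so an extent that ends exactly where the request begins is rejected rather than yielding a zero-length result.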


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-05-07T21:08:45.449Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6846c60d7b622a9fdf1e7923

Added to database: 6/9/2025, 11:31:25 AM

Last enriched: 7/30/2025, 12:38:57 AM

Last updated: 8/18/2025, 1:22:23 AM
