CVE-2022-0485

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0485
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0485.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0485
Downstream
Related
Published
2022-08-29T15:15:09Z
Modified
2025-09-19T13:31:28.721232Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

References

Affected packages

Git / github.com/libguestfs/libnbd

Affected ranges

Type
GIT
Repo
https://github.com/libguestfs/libnbd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
58e0c284e5ebcff101cd3b1f8fc7232f68202b66
Type
GIT
Repo
https://gitlab.com/nbdkit/libnbd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8d444b41d09a700c7ee6f9182a649f3f2d325abb

Affected versions

v0.*

v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.9.6
v0.9.7
v0.9.8
v0.9.9

v1.*

v1.0.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.10.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.2.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-0485-09b5d2a6",
            "signature_version": "v1",
            "target": {
                "file": "copy/multi-thread-copying.c",
                "function": "free_command"
            },
            "digest": {
                "length": 246.0,
                "function_hash": "140753532197270880249282402125928125200"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-1cd1b2d4",
            "signature_version": "v1",
            "target": {
                "file": "copy/file-ops.c",
                "function": "file_asynch_zero"
            },
            "digest": {
                "length": 331.0,
                "function_hash": "174743253629256537080148798967245715228"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-667a8a85",
            "signature_version": "v1",
            "target": {
                "file": "copy/multi-thread-copying.c",
                "function": "finished_read"
            },
            "digest": {
                "length": 1513.0,
                "function_hash": "296522027796039040246861898769837897650"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-74a12645",
            "signature_version": "v1",
            "target": {
                "file": "copy/file-ops.c",
                "function": "file_asynch_write"
            },
            "digest": {
                "length": 303.0,
                "function_hash": "65940939133033851419285668712397775335"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-778e2813",
            "signature_version": "v1",
            "target": {
                "file": "copy/null-ops.c",
                "function": "null_asynch_write"
            },
            "digest": {
                "length": 211.0,
                "function_hash": "61187966151078355124737797675323953502"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-8337563d",
            "signature_version": "v1",
            "target": {
                "file": "copy/file-ops.c",
                "function": "file_asynch_read"
            },
            "digest": {
                "length": 303.0,
                "function_hash": "65940939133033851419285668712397775335"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-0485-bfb9b9dd",
            "signature_version": "v1",
            "target": {
                "file": "copy/multi-thread-copying.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "245443681764850148070195278450231387179",
                    "99447371129016312061907112603345243209",
                    "46546684944686530926987258321760356204",
                    "301928923822696319653025175800594342473",
                    "296847346053776932475829062150126703913",
                    "131572299419535312639726735367569959161",
                    "27397099661772594302585512618426456249",
                    "1412462091485739934124052895724898278",
                    "186819742450962135790420196095505673865",
                    "27063293043488776432129355591322507053"
                ]
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-0485-d9f2fe6b",
            "signature_version": "v1",
            "target": {
                "file": "copy/file-ops.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "7221645883676583427374079500462987128",
                    "41843444484117998780555563481246890434",
                    "11507800956564313871455185068583299565",
                    "65347125755755945877845493538453389765",
                    "225943733830841169222739559397432080432",
                    "17974783946504134748147358398950682551",
                    "112567878137827726796969151434252514102",
                    "113481492128060038848161315137532015481",
                    "94508799648681293795543082899406270221",
                    "11507800956564313871455185068583299565",
                    "65347125755755945877845493538453389765",
                    "225943733830841169222739559397432080432",
                    "117594744608198626962493634889281765419",
                    "88032169294742916354966643864685963770",
                    "321120410725573947380476422206252571464",
                    "181054683348875895529563301360291401679",
                    "74358511777962735407994333081457612885",
                    "65347125755755945877845493538453389765",
                    "120527324807618009280075744336953539757",
                    "202813863166090165352494322044591414524",
                    "215515013894404426382886170142396362245"
                ]
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-0485-da4ee8c4",
            "signature_version": "v1",
            "target": {
                "file": "copy/null-ops.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "47515792989108032892124465534087217578",
                    "11952043217047517239172753288132336829",
                    "230410012512729402974309356509945439641",
                    "65347125755755945877845493538453389765",
                    "225943733830841169222739559397432080432",
                    "117594744608198626962493634889281765419",
                    "254034515504305195934222221736803215878",
                    "192568139869729283432592935158013218042",
                    "11952043217047517239172753288132336829",
                    "230410012512729402974309356509945439641",
                    "65347125755755945877845493538453389765",
                    "120527324807618009280075744336953539757",
                    "202813863166090165352494322044591414524",
                    "215515013894404426382886170142396362245"
                ]
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-0485-fb2046de",
            "signature_version": "v1",
            "target": {
                "file": "copy/null-ops.c",
                "function": "null_asynch_zero"
            },
            "digest": {
                "length": 239.0,
                "function_hash": "300585236970930192472376929530623935977"
            },
            "deprecated": false,
            "source": "https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb",
            "signature_type": "Function"
        }
    ]
}