CVE-2011-0530

Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.

Published: 2011-02-22 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2011-0530 is rated Moderate Risk (64/100): CVSS High severity, with high exploitation likelihood (EPSS 10.00%, 93th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +1.58% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2011-0530

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-08-24 8.41% 10.00% +1.58%
2 2025-06-26 7.89% 8.41% +0.53%
3 2025-03-30 7.89%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-0530

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2011-0530

OS Trackers for CVE-2011-0530

vendor priority summary link
debian not yet assigned CVE-2011-0530 not yet assigned priority: Debian including 1 source packages (nbd), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2011-0530
gentoo high CVE-2011-0530: 1 GLSA(s) (201206-35), 1 atom(s) (sys-block/nbd); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-0530
ubuntu medium CVE-2011-0530 medium priority: Ubuntu including 1 source packages (nbd), 7 status rows across 7 suites (dapper, hardy, karmic, lucid, maverick, natty, upstream): released 3, ignored 2, needs-triage 1, not-affected 1. https://ubuntu.com/security/CVE-2011-0530

Affected software / configurations for CVE-2011-0530

Vendor Product Version Raw CPE
wouter_verhelst nbd <= 2.9.19 cpe:2.3:a:wouter_verhelst:nbd:*:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.0 cpe:2.3:a:wouter_verhelst:nbd:2.9.0:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.1 cpe:2.3:a:wouter_verhelst:nbd:2.9.1:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.2 cpe:2.3:a:wouter_verhelst:nbd:2.9.2:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.3 cpe:2.3:a:wouter_verhelst:nbd:2.9.3:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.4 cpe:2.3:a:wouter_verhelst:nbd:2.9.4:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.5 cpe:2.3:a:wouter_verhelst:nbd:2.9.5:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.6 cpe:2.3:a:wouter_verhelst:nbd:2.9.6:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.7 cpe:2.3:a:wouter_verhelst:nbd:2.9.7:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.8 cpe:2.3:a:wouter_verhelst:nbd:2.9.8:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.9 cpe:2.3:a:wouter_verhelst:nbd:2.9.9:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.10 cpe:2.3:a:wouter_verhelst:nbd:2.9.10:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.11 cpe:2.3:a:wouter_verhelst:nbd:2.9.11:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.12 cpe:2.3:a:wouter_verhelst:nbd:2.9.12:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.13 cpe:2.3:a:wouter_verhelst:nbd:2.9.13:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.14 cpe:2.3:a:wouter_verhelst:nbd:2.9.14:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.15 cpe:2.3:a:wouter_verhelst:nbd:2.9.15:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.16 cpe:2.3:a:wouter_verhelst:nbd:2.9.16:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.17 cpe:2.3:a:wouter_verhelst:nbd:2.9.17:*:*:*:*:*:*:*
wouter_verhelst nbd 2.9.18 cpe:2.3:a:wouter_verhelst:nbd:2.9.18:*:*:*:*:*:*:*

References for CVE-2011-0530

URL Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/28/3 Patch
http://openwall.com/lists/oss-security/2011/01/31/7 Patch
http://secunia.com/advisories/43353 Vendor Advisory
http://secunia.com/advisories/43610
http://security.gentoo.org/glsa/glsa-201206-35.xml
http://www.debian.org/security/2011/dsa-2183
http://www.securityfocus.com/bid/46572
http://www.vupen.com/english/advisories/2011/0403 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0582
https://bugzilla.redhat.com/show_bug.cgi?id=673562 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65720
https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8 Patch
https://hermes.opensuse.org/messages/8086846
cvelogic Threat Intelligence