Nbdkit Server Denial-of-Service Vulnerability via Block Status Processing Error

A denial-of-service vulnerability has been identified in the nbdkit server, specifically in how it handles block status responses from plugins. The issue arises from an off-by-one error: when a client requests block status for a large data range and the plugin responds with an even larger single block, the nbdkit server encounters a critical internal error. This assertion failure can be exploited by a compliant client to disrupt the server's ability to serve other clients.

Impact

Exploitation of this vulnerability leads to an assertion failure in the nbdkit server, causing a denial-of-service condition where the server cannot properly serve other clients.

Reproduction

To reproduce this vulnerability, a client must request block status for the maximum 32-bit length. If the nbdkit server's plugin responds with a larger length as a single extent, the server will hit an assertion failure, demonstrating the denial-of-service condition.