A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 | Issue Tracking Patch Third Party Advisory |
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html | Exploit Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Mar 2021, 18:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1757258 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 2.6
v3 : 3.7 |
18 Mar 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-18 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2019-14850
Mitre link : CVE-2019-14850
CVE.ORG link : CVE-2019-14850
JSON object : View
Products Affected
nbdkit_project
- nbdkit
redhat
- virtualization
- enterprise_linux_server
- enterprise_linux
CWE
CWE-406
Insufficient Control of Network Message Volume (Network Amplification)