Description
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could cause the nbdkit service to perform a large amount of work initializing backend plugins simply by opening a connection to it. Depending on the plugins configured on the server side, this could cause resource consumption and degradation of service in nbdkit.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.2 | Impact: 1.4
Attack Vector: Network
Complexity: High
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Affected Packages
5 packages
CVEListV5: nbdkit (nbdkit 1.12.7, nbdkit 1.14.1, nbdkit 1.15.1). Also affects: Enterprise Linux 8.0
Vulnerability Details (3)
GHSA: GHSA-j552-f62v-mc74: A denial of service vulnerability was discovered in nbdkit 1 (2022-05-24)
CVEList: CVE-2019-14850: A denial of service vulnerability was discovered in nbdkit 1 (2021-03-18)
OSV: CVE-2019-14850: A denial of service vulnerability was discovered in nbdkit 1 (2021-03-18)
Vendor Advisories (2)
Red Hat: nbdkit: denial of service due to premature opening of back-end connection (2019-09-20)
Debian: CVE-2019-14850: nbdkit - A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.... (2019)
Community (3)
Bugzilla: CVE-2019-14850 nbdkit: denial of service due to premature opening of back-end connection [epel-7] (2019-10-01)
Bugzilla: CVE-2019-14850 nbdkit: denial of service due to premature opening of back-end connection [fedora-all] (2019-10-01)
Bugzilla: CVE-2019-14850 nbdkit: denial of service due to premature opening of back-end connection (2019-10-01)