CVE-2019-14851 — Reachable Assertion in Project Nbdkit

CWE-617 — Reachable Assertion7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nbdkit Project Nbdkit

Timeline

PublishedMar 18

Latest updateMay 24

Description

A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDnbdkit_project/nbdkit1.14.0 — 1.14.1+2

▶Debiannbdkit_project/nbdkit< 1.14.2-1+3

▶CVEListV5nbdkit_project/nbdkitnbdkit 1.12.8, nbdkit 1.14.2, nbdkit 1.15.2

Patches

Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hj75-x8cx-fm4w: A denial of service vulnerability was discovered in nbdkit↗2022-05-24

▶

OSV

CVE-2019-14851: A denial of service vulnerability was discovered in nbdkit↗2021-03-18

▶

CVEList

CVE-2019-14851: A denial of service vulnerability was discovered in nbdkit↗2021-03-18

▶

📋Vendor Advisories

Red Hat

nbdkit: assertion failure by issuing commands in the wrong order↗2019-09-20

▶

Debian

CVE-2019-14851: nbdkit - A denial of service vulnerability was discovered in nbdkit. A client issuing a c...↗2019

▶

💬Community

Bugzilla

CVE-2019-14851 nbdkit: assertion failure by issuing commands in the wrong order↗2019-10-01

▶