CVE-2019-14850

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 Issue Tracking Patch Third Party Advisory
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html Exploit Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 Issue Tracking Patch Third Party Advisory
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:27

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=1757258 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1757258 - Issue Tracking, Patch, Third Party Advisory
References () https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html - Exploit, Mailing List, Third Party Advisory () https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html - Exploit, Mailing List, Third Party Advisory

Information

Published : 2021-03-18 19:15

Updated : 2024-11-21 04:27


NVD link : CVE-2019-14850

Mitre link : CVE-2019-14850

CVE.ORG link : CVE-2019-14850


JSON object : View

Products Affected

redhat

  • virtualization
  • enterprise_linux_server
  • enterprise_linux

nbdkit_project

  • nbdkit
CWE
CWE-406

Insufficient Control of Network Message Volume (Network Amplification)