A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 | Issue Tracking Patch Third Party Advisory |
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html | Exploit Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 | Issue Tracking Patch Third Party Advisory |
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html | Exploit Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 04:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1757258 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2021-03-18 19:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-14850
Mitre link : CVE-2019-14850
CVE.ORG link : CVE-2019-14850
JSON object : View
Products Affected
redhat
- virtualization
- enterprise_linux_server
- enterprise_linux
nbdkit_project
- nbdkit
CWE
CWE-406
Insufficient Control of Network Message Volume (Network Amplification)