CVE-2019-14850
LOW EPSS 72.8%
Published Mar 18, 2021 5y ago · Modified Jun 17, 2026 2w ago
3.7 CVSS 3.1
Description
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low
Threat Intelligence
EPSS Exploit Probability
72.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-406
Affected Products 7
| Vendor | Product | Version | Range |
|---|---|---|---|
| nbdkit_project | nbdkit | * | <1.12.7 |
| nbdkit_project | nbdkit | * | ≥1.14.0 – <1.14.1 |
| nbdkit_project | nbdkit | * | ≥1.15.0 – <1.15.1 |
| redhat | virtualization | 4.0 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux_server | 7.0 | any |
References 2
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1757258
- redhat.com https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1757258