CVE-2019-14850

LOW EPSS 72.8%
Published Mar 18, 2021 (5y ago) · Modified Jun 17, 2026 (2w ago)
3.7 CVSS 3.1
Low

Description

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

CVSS Details

Base Score: 3.7
Exploitability: 2.2
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Threat Intelligence

EPSS Exploit Probability: 72.8% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-406

Affected Products 7

Vendor          Product                  Version  Range
nbdkit_project  nbdkit                   *        <1.12.7
nbdkit_project  nbdkit                   *        ≥1.14.0 – <1.14.1
nbdkit_project  nbdkit                   *        ≥1.15.0 – <1.15.1
redhat          virtualization           4.0      any
redhat          enterprise_linux         8.0      any
redhat          enterprise_linux         8.0      any
redhat          enterprise_linux_server  7.0      any

References 2

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1757258
    Issue Tracking, Patch, Third Party Advisory
  • redhat.com https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
    Exploit, Mailing List, Third Party Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1757258
    Issue Tracking, Patch, Third Party Advisory