CVE-2019-14850

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
References
Link Resource
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html Exploit Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1757258 Issue Tracking Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Information

Published : 2021-03-18 12:15

Updated : 2021-03-24 11:05


NVD link : CVE-2019-14850

Mitre link : CVE-2019-14850


JSON object : View

CWE
CWE-406

Insufficient Control of Network Message Volume (Network Amplification)

Advertisement

dedicated server usa

Products Affected

redhat

  • virtualization
  • enterprise_linux_server
  • enterprise_linux

nbdkit_project

  • nbdkit