Filtered by vendor Nbdkit Project
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3716 | 2 Nbdkit Project, Redhat | 2 Nbdkit, Enterprise Linux | 2022-03-09 | 3.5 LOW | 3.1 LOW |
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | |||||
CVE-2019-14851 | 1 Nbdkit Project | 1 Nbdkit | 2021-03-25 | 3.5 LOW | 6.5 MEDIUM |
A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. | |||||
CVE-2019-14850 | 2 Nbdkit Project, Redhat | 4 Nbdkit, Enterprise Linux, Enterprise Linux Server and 1 more | 2021-03-24 | 2.6 LOW | 3.7 LOW |
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. |