CVE-2019-14850
Description
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Risk Information
Base Score
3.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.395
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-basic-plugins-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-devel-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-example-plugins-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-plugin-python-common-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-plugin-python2-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167) nbdkit security and bug fix update nbdkit-plugin-vddk-1.8.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2020:1167)Low: security and bug fix update nbdkit-debuginfo-1.8.0-3.el7.x86_64.rpm | Linux |
| Nbdkit update (ELSA-2020-1167) nbdkit-1.8.0-3.el7.x86_64.rpm | Linux |
| Nbdkit-plugin-python-common update (ELSA-2020-1167) nbdkit-plugin-python-common-1.8.0-3.el7.x86_64.rpm | Linux |
| Nbdkit-plugin-python2 update (ELSA-2020-1167) nbdkit-plugin-python2-1.8.0-3.el7.x86_64.rpm | Linux |
| Nbdkit-plugin-vddk update (ELSA-2020-1167) nbdkit-plugin-vddk-1.8.0-3.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234