CVE-2019-14850
LOWnbdkit 1.12.7 1.14.1 1.15.1 - Denial of Service via Backend Plugin Initialization
Title source: llmDescription
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1757258
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
Scores
CVSS v3
3.7
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-406
Status
published
Products (4)
nbdkit_project/nbdkit
< 1.12.7
redhat/enterprise_linux
8.0 (2 CPE variants)
redhat/enterprise_linux_server
7.0
redhat/virtualization
4.0
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026