Candidate: CVE-2019-14851
PublicDate: 2021-03-18 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14851
 https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
 https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f
 https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e
 https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3
Description:
 A denial of service vulnerability was discovered in nbdkit. A client
 issuing a certain sequence of commands could possibly trigger an assertion
 failure, causing nbdkit to exit. This issue only affected nbdkit versions
 1.12.7, 1.14.1, and 1.15.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_nbdkit:
upstream_nbdkit: released (1.14.2-1)
precise/esm_nbdkit: DNE
trusty_nbdkit: ignored (out of standard support)
trusty/esm_nbdkit: DNE
xenial_nbdkit: ignored (end of standard support, was needs-triage)
bionic_nbdkit: DNE
disco_nbdkit: ignored (reached end-of-life)
eoan_nbdkit: ignored (reached end-of-life)
focal_nbdkit: not-affected (1.14.2-3)
groovy_nbdkit: not-affected (1.14.2-3)
hirsute_nbdkit: not-affected (1.14.2-3)
impish_nbdkit: not-affected (1.14.2-3)
jammy_nbdkit: not-affected (1.14.2-3)
devel_nbdkit: not-affected (1.14.2-3)