CVE-2019-14850

Published: 18 March 2021

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

Priority

Cvss 3 Severity Score

3.7

Score breakdown

Status

Package	Release	Status
nbdkit Launchpad, Ubuntu, Debian	bionic	Does not exist
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Not vulnerable (1.24.1-2ubuntu4)
	mantic	Not vulnerable (1.24.1-2ubuntu4)
	trusty	Does not exist
	upstream	Released (1.14.1-1)
	xenial	Needs triage

Severity score breakdown

Parameter	Value
Base score	3.7
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›