CVE-2019-14850 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-14850 PUBLISHED

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

EPSS 0.39% · 60.1th percentile

Risk Scores

EPSS Score

0.39%

60.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	nbdkit	0, 1.1.10-1, 1.1.11-1
Ubuntu:22.04:LTS	nbdkit	0, 1.24.1-2ubuntu1, 1.24.1-2ubuntu2
Ubuntu:20.04:LTS	nbdkit	1.16.1-3, 1.16.2-1ubuntu2, 1.16.2-1ubuntu3

Timeline

Mar 31, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2019-14850 third-party-advisory
https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html third-party-advisory
https://github.com/libguestfs/nbdkit/commit/c05686f9577fa91b6a3a4d8c065954ca6fc3fd62 third-party-advisory
https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f third-party-advisory
https://github.com/libguestfs/nbdkit/commit/e06cde00659ff97182173d0e33fff784041bcb4a third-party-advisory
https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e third-party-advisory
https://github.com/libguestfs/nbdkit/commit/22b30adb796bb6dca264a38598f80b8a234ff978 third-party-advisory
https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-14850 third-party-advisory

Open in Interactive Console →