CVE-2019-14851

Published: Mar 18, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.

Affected (3)

Products: Nbdkit Project: Nbdkit

Nbdkit Project

1 product

Nbdkit

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nbdkit Project Nbdkit	Before 1.12.7
Nbdkit Project Nbdkit	From 1.14.0 to 1.14.1
Nbdkit Project Nbdkit	From 1.15.0 to 1.15.1

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1757259

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1757259

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

Timeline

No history available yet.