Filtered by vendor Nbdkit Project Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3716 2 Nbdkit Project, Redhat 3 Nbdkit, Advanced Virtualization, Enterprise Linux 2024-11-21 3.1 Low
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVE-2019-14851 1 Nbdkit Project 1 Nbdkit 2024-11-21 6.5 Medium
A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.
CVE-2019-14850 2 Nbdkit Project, Redhat 4 Nbdkit, Enterprise Linux, Enterprise Linux Server and 1 more 2024-11-21 3.7 Low
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.