5 matches found
CVE-2021-3716
CVE-2021-3716 affects nbdkit; root cause is improper caching of plaintext state across the STARTTLS boundary. A man-in-the-middle could inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying client data to the server, potentially causing the client to terminate the NBD session. The primary i...
CVE-2019-14850
CVE-2019-14850 affects nbdkit versions 1.12.7, 1.14.1, and 1.15.1, where a remote attacker can cause DoS by opening a connection that triggers extensive work initializing backend plugins, leading to resource consumption and service degradation. The underlying cause is premature opening of back-en...
CVE-2025-47711
CVE-2025-47711 concerns the nbdkit server: when handling responses from plugins about data block status, a client requesting a very large range and receiving a larger single block can trigger a critical internal error, causing a denial of service. The connected advisories document affected distri...
CVE-2025-47712
Summary: CVE-2025-47712 affects the nbdkit blocksize filter. A crafted client request for block status over a very large data range can trigger an internal error in nbdkit, causing a denial of service. The initial description does not specify affected versions, product variants, or official remed...
CVE-2019-14851
CVE-2019-14851 describes a denial-of-service in the project’s nbdkit daemon. The vulnerability is triggered by a specific sequence of commands that could cause an assertion failure, leading to nbdkit exiting. Affected versions are explicitly listed as 1.12.7, 1.14.1, and 1.15.1. The provided sour...