1nbdkit-security(1)                  NBDKIT                  nbdkit-security(1)
2
3
4

NAME

6       nbdkit-security - information about past security issues in nbdkit
7

DESCRIPTION

9       This page details past security issues found in nbdkit.
10
11       For how to report new security issues, see the "SECURITY" file in the
12       top level source directory, also available online here:
13       https://gitlab.com/nbdkit/nbdkit/blob/master/SECURITY
14
15   CVE-2019-14850 denial of service due to premature opening of back-end
16       connection
17       See the full announcement and links to mitigation, tests and fixes
18       here:
19       https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
20
21   CVE-2019-14851 assertion failure by issuing commands in the wrong order
22       This CVE was caused by the fix to the previous issue.
23
24       See the full announcement and links to mitigation, tests and fixes
25       here:
26       https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
27
28   CVE-2021-3716 structured read denial of service attack against starttls
29       See the full announcement and links to mitigation, tests and fixes
30       here:
31       https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html
32

SEE ALSO

34       nbdkit(1).
35

AUTHORS

37       Eric Blake
38
39       Richard W.M. Jones
40
42       Copyright Red Hat
43

LICENSE

45       Redistribution and use in source and binary forms, with or without
46       modification, are permitted provided that the following conditions are
47       met:
48
49       •   Redistributions of source code must retain the above copyright
50           notice, this list of conditions and the following disclaimer.
51
52       •   Redistributions in binary form must reproduce the above copyright
53           notice, this list of conditions and the following disclaimer in the
54           documentation and/or other materials provided with the
55           distribution.
56
57       •   Neither the name of Red Hat nor the names of its contributors may
58           be used to endorse or promote products derived from this software
59           without specific prior written permission.
60
61       THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY
62       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
63       IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
64       PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE
65       LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
66       CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
67       SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
68       BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
69       WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
70       OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
71       ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
72
73
74
75nbdkit-1.36.2                     2023-11-26                nbdkit-security(1)
Impressum