Vulnerability Details : CVE-2021-20286
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2021-20286
- cpe:2.3:o:redhat:enterprise_linux:8.3.0:*:*:*:advanced_virtualization:*:*:*
- cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20286
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 31 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20286
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 1.2 | 1.4 | NIST | |
CWE ids for CVE-2021-20286
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-20286
- https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0
  opt_go: Tolerate unplanned server death (fb4440de) · Commits · nbdkit / libnbd · GitLab
  Patch; Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1934727
  1934727 – (CVE-2021-20286) CVE-2021-20286 libnbd: Assertion failure in nbd_unlocked_opt_go in lib/opt.c
  Issue Tracking; Third Party Advisory