Richard W. M. Jones

**Name of the Vulnerable Software and Affected Versions** nbdkit versions 1.12.7, 1.14.1, 1.15.1 **Description** A denial of service issue was discovered in nbdkit. An attacker could connect to the nbdkit service, causing it to perform a large amount of work in initializing backend plugins by simply opening a connection to the service. This could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. **Recommendations** For version 1.12.7, update to a version that fixes this issue. For version 1.14.1, update to a version that fixes this issue. For version 1.15.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the nbdkit service to minimize the risk of exploitation.