A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
{ "vanir_signatures": [ { "id": "CVE-2021-3716-07c259cd", "digest": { "line_hashes": [ "17736055569549823576078601167558441071", "252569956524523289579052347941166243611", "297470718666234456831894338929195417055" ], "threshold": 0.9 }, "source": "https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd", "target": { "file": "server/protocol-handshake-newstyle.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2021-3716-37e6bdf7", "digest": { "line_hashes": [ "333482206296967489735886764046295964344", "119471980424718382355237920729822312416", "354708292059306544598635409003669673", "204350468158886587735548122882836647246" ], "threshold": 0.9 }, "source": "https://gitlab.com/nbdkit/nbdkit@6c5faac6a37077cf2366388a80862bb00616d0d8", "target": { "file": "server/protocol-handshake-newstyle.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2021-3716-72881b3f", "digest": { "length": 9714.0, "function_hash": "278656485481587851966178619826305884851" }, "source": "https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd", "target": { "function": "negotiate_handshake_newstyle_options", "file": "server/protocol-handshake-newstyle.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2021-3716-82631061", "digest": { "length": 9751.0, "function_hash": "107471052006344028215705987130228423204" }, "source": "https://gitlab.com/nbdkit/nbdkit@6c5faac6a37077cf2366388a80862bb00616d0d8", "target": { "function": "negotiate_handshake_newstyle_options", "file": "server/protocol-handshake-newstyle.c" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }