CVE-2024-7383
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-7383
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7383.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-7383
- Related
- Published
- 2024-08-05T14:15:35Z
- Modified
- 2024-09-25T02:56:03.733528Z
- Summary
- [none]
- Details
-
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
- References
-
- https://access.redhat.com/errata/RHSA-2024:6757
- https://access.redhat.com/errata/RHSA-2024:6964
- https://bugzilla.redhat.com/show_bug.cgi?id=2302865
- https://access.redhat.com/security/cve/CVE-2024-7383
- https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2
- https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ/
- https://security-tracker.debian.org/tracker/CVE-2024-7383
Affected packages
Debian:11 / libnbd
Package
- Name
- libnbd
- Purl
- pkg:deb/debian/libnbd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / libnbd
Package
- Name
- libnbd
- Purl
- pkg:deb/debian/libnbd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libnbd
Package
- Name
- libnbd
- Purl
- pkg:deb/debian/libnbd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.20.2-1