GHSA-qjvf-8748-9w7h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qjvf-8748-9w7h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-qjvf-8748-9w7h/GHSA-qjvf-8748-9w7h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qjvf-8748-9w7h
- Aliases
- Published
- 2024-07-04T00:37:45Z
- Modified
- 2024-07-09T21:39:04Z
- Severity
-
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- github.com/google/nftable IP addresses were encoded in the wrong byte order
- Details
-
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0
- Database specific
{ "nvd_published_at": "2024-07-03T23:15:02Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-07-05T20:05:15Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-6284
- https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
- https://github.com/google/nftables/issues/225
- https://github.com/google/nftables/commit/b1f901b05510bed05c232c5049f68d1511b56a19
- https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
- https://github.com/google/nftables
Affected packages
Go / github.com/google/nftables
Package
- Name
- github.com/google/nftables
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/google/nftables