CVE-2024-6284

2024-07-0323:15:02

CWE-20

Google

web.nvd.nist.gov

nftables

ip addresses

configuration

bug

fix

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L

AI Score

Confidence

Low

EPSS

Percentile

15.8%

JSON

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).

This issue affects: https://pkg.go.dev/github.com/google/[email protected]

The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/[email protected]

Affected configurations

Vulners

Vulnrichment

Node

googlehttps\Match\/\/github.com\/google\/nftables

VendorProductVersionCPE
googlehttps\//github.com/google/nftablescpe:2.3:a:google:https\:\/\/github.com\/google\/nftables:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	https\	//github.com/google/nftables	cpe:2.3:a:google:https\:\/\/github.com\/google\/nftables::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "https://github.com/google/nftables",
    "repo": "https://github.com/google/nftables",
    "vendor": "Google",
    "versions": [
      {
        "status": "affected",
        "version": "0.1.0"
      },
      {
        "status": "unaffected",
        "version": "0.2.0"
      }
    ]
  }
]