Lucene search

GoogleOSV:CVE-2024-7383

HistoryAug 05, 2024 - 2:15 p.m.

CVE-2024-7383

2024-08-0514:15:35

Google

osv.dev

libnbd

tls

certificate

verification

man-in-the-middle

attack

nbd

traffic

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

Low

JSON

A flaw was found in libnbd. The client did not always correctly verify the NBD server’s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

References

access.redhat.com/errata/RHSA-2024:6757

access.redhat.com/security/cve/CVE-2024-7383

bugzilla.redhat.com/show_bug.cgi?id=2302865

lists.libguestfs.org/archives/list/[email protected]/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2

lists.libguestfs.org/archives/list/[email protected]/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ/

security-tracker.debian.org/tracker/CVE-2024-7383

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

Low

JSON

Related for OSV:CVE-2024-7383