CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L
AI Score
Confidence
Low
In https://github.com/google/nftables Β IP addresses were encoded in the
wrong byte order,Β resulting in an nftables configuration which does not
work as intended (might block or not block the desired addresses).
This issue affects:Β https://pkg.go.dev/github.com/google/[email protected]
The bug was fixed in the next released version:
https://pkg.go.dev/github.com/google/[email protected]
Author | Note |
---|---|
alexmurray | crowsec-firewall-bouncer needs a no-change rebuild once golang-github-google-nftables is patched to ensure it is also patched since it is Built-Using |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | golang-github-google-nftables | <Β any | UNKNOWN |
bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
github.com/crowdsecurity/cs-firewall-bouncer/issues/368
github.com/google/nftables/issues/225
launchpad.net/bugs/cve/CVE-2024-6284
nvd.nist.gov/vuln/detail/CVE-2024-6284
security-tracker.debian.org/tracker/CVE-2024-6284
www.cve.org/CVERecord?id=CVE-2024-6284