Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/google/nftables: GHSA-qjvf-8748-9w7h #2977

Closed
GoVulnBot opened this issue Jul 5, 2024 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/google/nftables: GHSA-qjvf-8748-9w7h #2977

GoVulnBot opened this issue Jul 5, 2024 · 1 comment
Assignees
@tatianab
Labels
high priority triaged

Comments

@GoVulnBot
Copy link

Advisory GHSA-qjvf-8748-9w7h references a vulnerability in the following Go modules:

Module
github.com/google/nftables

Description:
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).

This issue affects:  https://pkg.go.dev/github.com/google/[email protected]

The bug was fixed in the next released version:  https://pkg.go.dev/github.com/google/[email protected]

References:

Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/google/nftables
      non_go_versions:
        - introduced: TODO (earliest fixed "0.2.0", vuln range "= 0.1.0")
      vulnerable_at: 0.2.0
summary: github.com/google/nftable IP addresses were encoded in the wrong byte order
cves:
    - CVE-2024-6284
ghsas:
    - GHSA-qjvf-8748-9w7h
references:
    - advisory: https://github.com/advisories/GHSA-qjvf-8748-9w7h
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6284
    - report: https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
    - report: https://github.com/google/nftables/issues/225
    - web: https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
source:
    id: GHSA-qjvf-8748-9w7h
    created: 2024-07-05T21:01:14.471404454Z
review_status: UNREVIEWED
@tatianab tatianab self-assigned this Jul 8, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/597159 mentions this issue: data/reports: add 2 reviewed reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatianab tatianab

Labels
high priority triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tatianab @gopherbot @GoVulnBot