Closed GoVulnBot closed 1 week ago
Advisory GHSA-qjvf-8748-9w7h references a vulnerability in the following Go modules:
Description: In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0
References:
Cross references: No existing reports found with this module or alias. See doc/triage.md for instructions on how to triage this report.
id: GO-ID-PENDING modules: - module: github.com/google/nftables non_go_versions: - introduced: TODO (earliest fixed "0.2.0", vuln range "= 0.1.0") vulnerable_at: 0.2.0 summary: github.com/google/nftable IP addresses were encoded in the wrong byte order cves: - CVE-2024-6284 ghsas: - GHSA-qjvf-8748-9w7h references: - advisory: https://github.com/advisories/GHSA-qjvf-8748-9w7h - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6284 - report: https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368 - report: https://github.com/google/nftables/issues/225 - web: https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596 source: id: GHSA-qjvf-8748-9w7h created: 2024-07-05T21:01:14.471404454Z review_status: UNREVIEWED
Change https://go.dev/cl/597159 mentions this issue: data/reports: add 2 reviewed reports
data/reports: add 2 reviewed reports
Advisory GHSA-qjvf-8748-9w7h references a vulnerability in the following Go modules:
Description: In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0
References:
Cross references: No existing reports found with this module or alias. See doc/triage.md for instructions on how to triage this report.