golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/google/nftables: GHSA-qjvf-8748-9w7h #2977

Closed GoVulnBot closed 1 week ago

GoVulnBot commented 2 weeks ago

Advisory GHSA-qjvf-8748-9w7h references a vulnerability in the following Go modules:

Module
github.com/google/nftables

Description: In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).

This issue affects:  https://pkg.go.dev/github.com/google/nftables@v0.1.0

The bug was fixed in the next released version:  https://pkg.go.dev/github.com/google/nftables@v0.2.0

References:

Cross references: No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/google/nftables
      non_go_versions:
        - introduced: TODO (earliest fixed "0.2.0", vuln range "= 0.1.0")
      vulnerable_at: 0.2.0
summary: github.com/google/nftable IP addresses were encoded in the wrong byte order
cves:
    - CVE-2024-6284
ghsas:
    - GHSA-qjvf-8748-9w7h
references:
    - advisory: https://github.com/advisories/GHSA-qjvf-8748-9w7h
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6284
    - report: https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
    - report: https://github.com/google/nftables/issues/225
    - web: https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
source:
    id: GHSA-qjvf-8748-9w7h
    created: 2024-07-05T21:01:14.471404454Z
review_status: UNREVIEWED

gopherbot commented 2 weeks ago

Change https://go.dev/cl/597159 mentions this issue: data/reports: add 2 reviewed reports