Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xanZmLTg3NDgtOXc3aM4AA9gc
github.com/google/nftable IP addresses were encoded in the wrong byte order
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/[email protected]
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/[email protected]
Permalink: https://github.com/advisories/GHSA-qjvf-8748-9w7hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xanZmLTg3NDgtOXc3aM4AA9gc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 4 months ago
Identifiers: GHSA-qjvf-8748-9w7h, CVE-2024-6284
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6284
- https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
- https://github.com/google/nftables/issues/225
- https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
- https://github.com/google/nftables/commit/b1f901b05510bed05c232c5049f68d1511b56a19
- https://github.com/advisories/GHSA-qjvf-8748-9w7h
Blast Radius: 0.0
Affected Packages
go:github.com/google/nftables
Dependent packages: 239Dependent repositories: 357
Downloads:
Affected Version Ranges: >= 0.1.0, < 0.2.0
Fixed in: 0.2.0
All affected versions: 0.1.0
All unaffected versions: 0.2.0