Bugzilla – Bug 1227375
VUL-0: TRACKERBUG: CVE-2024-6284: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior
Last modified: 2024-07-04 08:15:03 UTC
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6284 https://www.cve.org/CVERecord?id=CVE-2024-6284 https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596 https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368 https://github.com/google/nftables/issues/225 https://bugzilla.redhat.com/show_bug.cgi?id=2295699
github.com/google/nftables Go module is embedded in: - openSUSE:Factory/talosctl (already fixed) - openSUSE:Factory/tailscale
According to [0] the issue was introduced in [1] (1.0.0) [0] https://github.com/google/nftables/issues/225#issuecomment-1549973369 [1] https://github.com/google/nftables/pull/180