Bugzilla – Bug 1227376
VUL-0: CVE-2024-6284: tailscale: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior
Last modified: 2024-07-12 08:57:38 UTC
+++ This bug was initially created as a clone of Bug #1227375 +++

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).

This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0

The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6284
https://www.cve.org/CVERecord?id=CVE-2024-6284
https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596
https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
https://github.com/google/nftables/issues/225
https://bugzilla.redhat.com/show_bug.cgi?id=2295699
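The description above says the defect is purely one of byte order: the kernel compares IPv4 addresses as four raw bytes in network (big-endian) order, so an address written in host order on a little-endian machine silently becomes a different address and the rule blocks or passes the wrong traffic. The following self-contained Go program is an added illustration written for this bug entry, not code from google/nftables or Tailscale; it models the correct encoding, models the wrong host-order encoding (assuming a little-endian host, so `binary.LittleEndian` stands in for native order), and provides a small check a packager could use to tell a byte-reversed address apart from a simply wrong one when inspecting what a rule actually carries.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// EncodeIPv4Network returns the address exactly as nftables expects it:
// four bytes in network (big-endian) order, which is what net.IP.To4 already holds.
func EncodeIPv4Network(ip net.IP) ([]byte, error) {
	v4 := ip.To4()
	if v4 == nil {
		return nil, errors.New("not an IPv4 address")
	}
	out := make([]byte, 4)
	copy(out, v4)
	return out, nil
}

// EncodeIPv4HostOrder models the faulty encoding: the address is read as a
// uint32 and then written back in host byte order. On the little-endian hosts
// this example assumes (x86-64, arm64) that reverses the four bytes.
func EncodeIPv4HostOrder(ip net.IP) []byte {
	v4 := ip.To4()
	if v4 == nil {
		return nil
	}
	out := make([]byte, 4)
	binary.LittleEndian.PutUint32(out, binary.BigEndian.Uint32(v4))
	return out
}

// DecodeIPv4 interprets four raw bytes the way the kernel does, i.e. as network order,
// so it shows which address a given rule really matches.
func DecodeIPv4(raw []byte) (net.IP, error) {
	if len(raw) != 4 {
		return nil, fmt.Errorf("expected 4 bytes, got %d", len(raw))
	}
	return net.IPv4(raw[0], raw[1], raw[2], raw[3]).To4(), nil
}

// CheckEncoding compares the bytes actually carried by a rule against the address
// the operator intended. It returns "ok", "byte-reversed" (the signature of this
// bug) or "mismatch" (some other error).
func CheckEncoding(intended net.IP, raw []byte) string {
	want, err := EncodeIPv4Network(intended)
	if err != nil || len(raw) != 4 {
		return "mismatch"
	}
	if bytes.Equal(raw, want) {
		return "ok"
	}
	reversed := []byte{want[3], want[2], want[1], want[0]}
	if bytes.Equal(raw, reversed) {
		return "byte-reversed"
	}
	return "mismatch"
}

func main() {
	// Constructed example address (TEST-NET-1), not taken from any real ruleset.
	intended := net.ParseIP("192.0.2.1")
	good, _ := EncodeIPv4Network(intended)
	bad := EncodeIPv4HostOrder(intended)
	actually, _ := DecodeIPv4(bad)
	fmt.Printf("intended %s -> correct bytes %v\n", intended, good)
	fmt.Printf("host-order bytes %v actually match %s (%s)\n", bad, actually, CheckEncoding(intended, bad))
}
```

Run it and the host-order variant of 192.0.2.1 comes out as the bytes of 1.2.0.192, which is why a "block 192.0.2.1" rule built with the affected library version leaves that address untouched. The check is only meaningful for IPv4 elements of exactly four bytes; it reports anything else as a plain mismatch rather than guessing.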
If [0] is correct, openSUSE:Factory/tailscale is affected since it uses github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c

[0] https://bugzilla.suse.com/show_bug.cgi?id=1227375#c2
(In reply to Thomas Leroy from comment #1)
> If [0] is correct, openSUSE:Factory/tailscale is affected since it uses
> github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c
>
> [0] https://bugzilla.suse.com/show_bug.cgi?id=1227375#c2

Factory Tailscale version is 1.68.2, the version of github.com/google/nftables is v0.2.1-0.20240414091927-5e242ec57806. The package bump can be traced to 1.66 in https://github.com/tailscale/tailscale/commit/3ef7f895c88367ed9c5940bb7504b38e9258a5b4. Version 1.66.1 was added to Factory over 2 months ago by https://build.opensuse.org/request/show/1173205.