Google nftables Go lib v0.1.0 IP byte order bug (CVE-2024-6284)
CVE-2024-6284 Published on July 3, 2024
Improper IPv4 and IPv6 byte order storage in github.com/google/nftables
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0
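What a byte-order mix-up does to address matching, as an added illustration that is not code from github.com/google/nftables. It assumes the wrong order is a full reversal of the four IPv4 bytes; the function names and the sample address 10.0.0.1 are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
)

// encode serialises an IPv4 address as a uint32 in the given byte order.
// It returns nil when addr is not a valid IPv4 address.
func encode(addr string, order binary.ByteOrder) []byte {
	ip := net.ParseIP(addr).To4()
	if ip == nil {
		return nil
	}
	out := make([]byte, 4)
	order.PutUint32(out, binary.BigEndian.Uint32(ip))
	return out
}

// encodeNetworkOrder yields big-endian bytes, the order packet headers use.
func encodeNetworkOrder(addr string) []byte { return encode(addr, binary.BigEndian) }

// encodeReversed models the assumed fault: the four bytes stored reversed.
func encodeReversed(addr string) []byte { return encode(addr, binary.LittleEndian) }

// elementHits reports whether a stored element equals a packet's source
// address, which is always compared in network byte order.
func elementHits(stored []byte, packetSrc string) bool {
	src := net.ParseIP(packetSrc).To4()
	return src != nil && len(stored) == 4 && bytes.Equal(stored, src)
}

// effectiveAddress returns the address a stored element actually selects.
func effectiveAddress(stored []byte) string {
	if len(stored) != 4 {
		return ""
	}
	return net.IP(stored).String()
}

func main() {
	const intended = "10.0.0.1" // constructed sample address
	good, bad := encodeNetworkOrder(intended), encodeReversed(intended)
	fmt.Printf("correct:  % x selects %s, hits %s: %v\n", good, effectiveAddress(good), intended, elementHits(good, intended))
	fmt.Printf("reversed: % x selects %s, hits %s: %v\n", bad, effectiveAddress(bad), intended, elementHits(bad, intended))
}
```

Under this assumption, an address whose bytes read the same in both directions, such as 10.0.0.10, is stored identically either way, so a rule set can work for some entries and miss others.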
Weakness Types
Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Products Associated with CVE-2024-6284
Affected Versions
https://github.com/google/nftables:
- Version 0.1.0 is affected.
- Version 0.2.0 is unaffected.
- Versions from 0.1.0 up to, but not including, 0.2.0 are affected.