CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

Published: Mar 3, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-3716
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-924

Affected Software
References

Software	From	Fixed in
nbdkit_project / nbdkit	1.27.1	1.27.6
nbdkit_project / nbdkit	1.25.1	1.26.5
nbdkit_project / nbdkit	1.11.8	1.24.6
redhat / enterprise_linux	8.0	8.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1994695
https://gitlab.com/nbdkit/nbdkit/-/commit/09a13dafb7bb3a38ab52eb5501cba786365ba7fd
https://gitlab.com/nbdkit/nbdkit/-/commit/6c5faac6a37077cf2366388a80862bb00616d0d8
https://listman.redhat.com/archives/libguestfs/2021-August/msg00083.html
https://www.openwall.com/lists/oss-security/2021/08/18/2

Vulnerability Database

289,689

CVE-2021-3716