Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3716

Опубликовано: 02 мар. 2022
Источник: nvd
CVSS3: 3.1
CVSS2: 3.5
EPSS Низкий

Описание

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
Версия от 1.11.8 (включая) до 1.24.6 (исключая)
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
Версия от 1.25.1 (включая) до 1.26.5 (исключая)
cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*
Версия от 1.27.1 (включая) до 1.27.6 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

EPSS

Процентиль: 13%
0.00044
Низкий

3.1 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-924
NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2021-3716

CVSS3: 3.1
ubuntu
больше 3 лет назад

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-3716

CVSS3: 3.5
redhat
почти 4 года назад

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-3716

CVSS3: 3.1
debian
больше 3 лет назад

A flaw was found in nbdkit due to to improperly caching plaintext stat ...

github логотип

GHSA-3vpg-mwgf-4jvj

CVSS3: 3.1
github
больше 3 лет назад

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

rocky логотип

RLSA-2022:1759

rocky
около 3 лет назад

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

EPSS

Процентиль: 13%
0.00044
Низкий

3.1 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-924
NVD-CWE-Other