Home > Vulnerability Database > CVE-2024-6284

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-6284

Good to know:

Date: July 3, 2024

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0

Language: Go

Severity Score

7.3

Related Resources (9)

Url: https://github.com/google/nftables/commit/b1f901b05510bed05c232c5049f68d1511b56a19

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6284

Url: https://github.com/google/nftables

Url: https://security-tracker.debian.org/tracker/CVE-2024-6284

Url: https://github.com/google/nftables/issues/225

Url: https://github.com/advisories/GHSA-qjvf-8748-9w7h

Url: https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368

Url: https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596

Url: https://www.mend.io/vulnerability-database/CVE-2024-6284

Severity Score

7.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Improper Validation of Syntactic Correctness of Input

CWE-1286

Incorrect Parsing of Numbers with Different Radices

CWE-1389

Top Fix

Upgrade Version

Upgrade to version github.com/google/nftables - v0.2.0

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us