VDB

CVE-2021-3716

CVE-2021-3716 PUBLISHED

Reported by redhat · Published March 2, 2022

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

Affected Products

VendorProductVersions
n/anbdkitAffects nbdkit v1.12 through v1.26.4 | Fixedin nbdkit v1.26.5
n/anbdkitAffects nbdkit v1.12 through v1.26.4 | Fixedin nbdkit v1.26.5

Timeline

  • Mar 2, 2022 CVE Published
  • Mar 3, 2022 EPSS Score
  • Apr 24, 2022 EPSS Score
  • Jun 14, 2022 EPSS Score
  • Aug 6, 2022 EPSS Score
  • Sep 27, 2022 EPSS Score
  • Nov 17, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 1, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 21, 2023 EPSS Score
  • Jun 12, 2023 EPSS Score

References

  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
Open in Interactive Console →
$ Console Community · 100/wk Open console ›