CVE-2021-3716 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3716 PUBLISHED

Reported by redhat · Published March 2, 2022

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

Affected Products

Vendor	Product	Versions
n/a	nbdkit	Affects nbdkit v1.12 through v1.26.4 \| Fixedin nbdkit v1.26.5
n/a	nbdkit	Affects nbdkit v1.12 through v1.26.4 \| Fixedin nbdkit v1.26.5

Timeline

Mar 2, 2022 CVE Published
Mar 3, 2022 EPSS Score
Apr 23, 2022 EPSS Score
Jun 13, 2022 EPSS Score
Aug 4, 2022 EPSS Score
Sep 24, 2022 EPSS Score
Nov 14, 2022 EPSS Score
Jan 4, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 17, 2023 EPSS Score
Jun 7, 2023 EPSS Score

References

x_refsource_MISC
x_refsource_MISC
x_refsource_MISC
x_refsource_MISC
x_refsource_MISC

Open in Interactive Console →