VDB
DEBIAN-CVE-2021-3716
DEBIAN-CVE-2021-3716
PUBLISHED
CVSS 3.0999999046325684 LOW
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | nbdkit | 0, 0, 0 |
| Debian:14 | nbdkit | 0, 0, 0 |
| Debian:11 | nbdkit | 1.28.3-1, 1.28.3-2, 1.28.4-1 |
| Debian:13 | nbdkit | 0, 0, 0 |
Timeline
- Mar 2, 2022 CVE Published
- Apr 28, 2026 CVE Updated