https://bugzilla.suse.com/show_bug.cgi?id=1227376

Bug ID: 1227376
Summary: VUL-0: CVE-2024-6284: tailscale: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
URL: https://smash.suse.de/issue/412835/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: alexandre.vicenzi@suse.com
Reporter: thomas.leroy@suse.com
QA Contact: security-team@suse.de
CC: security-team@suse.de, smash_bz@suse.de, thomas.leroy@suse.com
Blocks: 1227375
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

+++ This bug was initially created as a clone of Bug #1227375 +++

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).

This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0

The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6284
https://www.cve.org/CVERecord?id=CVE-2024-6284
https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/206...
https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368
https://github.com/google/nftables/issues/225
https://bugzilla.redhat.com/show_bug.cgi?id=2295699

--
You are receiving this mail because:
You are on the CC list for the bug.