| Bug ID | 1227376 |
|---|---|
| Summary | VUL-0: CVE-2024-6284: tailscale: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior |
| Classification | openSUSE |
| Product | openSUSE Tumbleweed |
| Version | Current |
| Hardware | Other |
| URL | https://smash.suse.de/issue/412835/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | alexandre.vicenzi@suse.com |
| Reporter | thomas.leroy@suse.com |
| QA Contact | security-team@suse.de |
| CC | security-team@suse.de, smash_bz@suse.de, thomas.leroy@suse.com |
| Blocks | 1227375 |
| Target Milestone | --- |
| Found By | Security Response Team |
| Blocker | --- |
+++ This bug was initially created as a clone of Bug #1227375 +++ In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6284 https://www.cve.org/CVERecord?id=CVE-2024-6284 https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596 https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368 https://github.com/google/nftables/issues/225 https://bugzilla.redhat.com/show_bug.cgi?id=2295699