Vulnerability Details CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.0%
CVSS Severity
CVSS v3 Score 3.1
CVSS v2 Score 3.5
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1994695
- https://gitlab.com/nbdkit/nbdkit/-/commit/09a13dafb7bb3a38ab52eb5501cba786365ba7fd
- https://gitlab.com/nbdkit/nbdkit/-/commit/6c5faac6a37077cf2366388a80862bb00616d0d8
- https://listman.redhat.com/archives/libguestfs/2021-August/msg00083.html
- https://www.openwall.com/lists/oss-security/2021/08/18/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1994695
- https://gitlab.com/nbdkit/nbdkit/-/commit/09a13dafb7bb3a38ab52eb5501cba786365ba7fd
- https://gitlab.com/nbdkit/nbdkit/-/commit/6c5faac6a37077cf2366388a80862bb00616d0d8
- https://listman.redhat.com/archives/libguestfs/2021-August/msg00083.html
- https://www.openwall.com/lists/oss-security/2021/08/18/2
Products affected by CVE-2021-3716
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.10
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.11
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.12
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.13
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.14
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.15
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.11.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.12.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.13.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.14.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.14.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.14.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.15.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.16.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.10
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.11
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.17.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.18.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.10
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.11
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.12
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.19.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.20.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.10
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.11
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.12
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.13
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.14
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.15
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.16
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.17
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.18
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.19
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.20
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.21
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.22
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.23
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.24
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.25
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.26
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.21.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.22.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.10
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.11
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.12
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.13
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.23.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.24.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.5
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.6
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.7
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.8
-
cpe:2.3:a:nbdkit_project:nbdkit:1.25.9
-
cpe:2.3:a:nbdkit_project:nbdkit:1.26.0
-
cpe:2.3:a:nbdkit_project:nbdkit:1.26.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.26.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.26.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.26.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.27.1
-
cpe:2.3:a:nbdkit_project:nbdkit:1.27.2
-
cpe:2.3:a:nbdkit_project:nbdkit:1.27.3
-
cpe:2.3:a:nbdkit_project:nbdkit:1.27.4
-
cpe:2.3:a:nbdkit_project:nbdkit:1.27.5
-
cpe:2.3:o:redhat:enterprise_linux:8.0