CVE-2024-6284
IP addresses were encoded in the wrong byte order in github.com/google/nftables
CVSS 3.1: 5.6 (MEDIUM)
EPSS: 0.07%
Description
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0. The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0.
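The effect of a byte-order mistake on an address match, as an added illustration (not code from github.com/google/nftables): `swappedOrder` is a hypothetical model of the bug class, and the addresses are constructed samples.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net/netip"
)

// networkOrder returns the bytes as they appear in the packet header
// (most significant octet first), which is what a rule must compare against.
func networkOrder(a netip.Addr) []byte {
	b := a.As4()
	return b[:]
}

// swappedOrder models the bug class only (an assumption, not nftables code):
// the address is treated as a uint32 and written out little-endian.
func swappedOrder(a netip.Addr) []byte {
	b := a.As4()
	out := make([]byte, 4)
	binary.LittleEndian.PutUint32(out, binary.BigEndian.Uint32(b[:]))
	return out
}

// check reports which address a byte-swapped rule really matches, and whether
// that rule still matches traffic coming from the intended address.
func check(intended string) (effective string, swappedHits bool) {
	addr := netip.MustParseAddr(intended)
	onWire := networkOrder(addr) // source address bytes of a packet from addr
	bad := swappedOrder(addr)
	eff, _ := netip.AddrFromSlice(bad)
	return eff.String(), bytes.Equal(bad, onWire)
}

func main() {
	// Constructed sample addresses; the second reads the same in both orders.
	for _, ip := range []string{"192.168.1.10", "10.0.0.10"} {
		eff, hit := check(ip)
		fmt.Printf("intended %-13s swapped rule matches %-13s hits intended: %v\n", ip, eff, hit)
	}
}
```

An address whose octets read the same in both directions, such as 10.0.0.10, still matches under the swapped encoding, so regression tests for generated rules should use asymmetric addresses.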
How to fix CVE-2024-6284
To remediate CVE-2024-6284, upgrade the affected package to a fixed version below.
- upgrade to 0.1.0-4~deb12u1 or later
- upgrade to 0.2.0 or later
- upgrade to 0.2.0 or later
Is CVE-2024-6284 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.1.0-4~deb12u1
- >= 0.1.0, < 0.2.0
- >= 0.1.0, < 0.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | CVSS 3.1 | MEDIUM 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |