Description
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
List of released packages
|Product(s)|Fixed package version(s)|References|
|openSUSE Leap 15.4| |Patchnames: openSUSE Leap 15.4 GA nbdkit-1.29.4-150400.1.4|
|openSUSE Tumbleweed| |Patchnames: openSUSE Tumbleweed GA nbdkit-1.27.8-1.2|
SUSE Timeline for this CVE
CVE page created: Fri Aug 20 12:15:11 2021
CVE page last modified: Wed Oct 26 22:56:49 2022