Nixpkgs security tracker

Untriaged

Permalink CVE-2024-7383

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 10 months, 3 weeks ago

Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

References

RHSA-2024:6757 vendor-advisoryx_refsource_REDHAT
RHSA-2024:6964 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7383 vdb-entryx_refsource_REDHAT
RHBZ#2302865 issue-trackingx_refsource_REDHAT
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message…
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/…

Affected products

libnbd

<1.18.5
<1.20.2
*

virt:rhel

virt:av/libnbd

virt-devel:rhel

virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

pkgs.python311Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

nixos-unstable 1.20.2
- nixpkgs-unstable 1.20.2
- nixos-unstable-small 1.20.2

pkgs.python313Packages.libnbd

Network Block Device client library in userspace

Package maintainers

@akshatagarwl Akshat Agarwal <humancalico@disroot.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libnbd

pkgs.python311Packages.libnbd

pkgs.python312Packages.libnbd

pkgs.python313Packages.libnbd

Package maintainers