
CVE-2024-6284: github.com/google/nftables IP addresses were encoded in the wrong byte order

CVSS Score: 6.3

Basic Information

EPSS Score: -
Published: 7/4/2024
Updated: 8/8/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Package Name: github.com/google/nftables
Ecosystem: go
Vulnerable Versions: >= 0.1.0, < 0.2.0
First Patched Version: 0.2.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability is due to IP addresses being encoded in the wrong byte order. Commit b1f901b05510bed05c232c5049f68d1511b56a19 addresses this by introducing a KeyByteOrder field in the Set struct and changing the AddSet function in set.go to honour it. AddSet is responsible for adding elements to an nftables set. Before the patch it had no way to specify or handle the byte order of the keys, so keys that were IP addresses were encoded incorrectly. Making AddSet honour KeyByteOrder is the fix; AddSet as it existed before the patch is therefore the function that processed IP addresses in the wrong byte order, i.e. the vulnerable function.
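The effect of the wrong byte order, as an added stand-alone illustration that is not the nftables library's code: the kernel reads an ipv4_addr set key as four network-order bytes, so a key written in host order on a little-endian machine (assumed here; x86 and arm64 both are) lands in the set as a different address. The check helper is a defender's aid for comparing keys read back from a live ruleset against the addresses that were intended; netip is used instead of the library's Set/SetElement types.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// EncodeIPv4Key writes an IPv4 address as a 4-byte set key in network
// (big-endian) order, which is what the kernel expects for ipv4_addr keys.
func EncodeIPv4Key(addr netip.Addr) []byte {
	a := addr.As4()
	return a[:]
}

// EncodeIPv4KeyNative reproduces the pre-fix behaviour: the 32-bit address
// value is written in the host's byte order. Little-endian is assumed here,
// so the bytes come out reversed relative to network order.
func EncodeIPv4KeyNative(addr netip.Addr) []byte {
	a := addr.As4()
	v := binary.BigEndian.Uint32(a[:]) // numeric value of the address
	key := make([]byte, 4)
	binary.LittleEndian.PutUint32(key, v)
	return key
}

// DecodeKernelKey interprets a 4-byte key the way the kernel does (network
// order) and returns the address the set element will actually match.
func DecodeKernelKey(key []byte) netip.Addr {
	return netip.AddrFrom4([4]byte{key[0], key[1], key[2], key[3]})
}

// CheckSetElement reports the address a stored key really matches and
// whether it equals the address the operator intended.
func CheckSetElement(intended netip.Addr, key []byte) (netip.Addr, bool) {
	got := DecodeKernelKey(key)
	return got, got == intended
}

func main() {
	want := netip.MustParseAddr("192.0.2.1") // constructed sample address
	good := EncodeIPv4Key(want)
	bad := EncodeIPv4KeyNative(want)
	fmt.Printf("intended %s\n", want)
	fmt.Printf("network-order key % x matches %s\n", good, DecodeKernelKey(good))
	fmt.Printf("native-order key  % x matches %s\n", bad, DecodeKernelKey(bad))
}
```

Run against keys dumped from the kernel, a mismatch from CheckSetElement is the symptom described above: the set blocks (or fails to block) an address other than the one configured.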


WAF Protection Rules

WAF Rule

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.de
