-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability is due to IP addresses being encoded in the wrong byte order. The provided commit b1f901b05510bed05c232c5049f68d1511b56a19 addresses this by introducing a KeyByteOrder field in the Set struct and modifying the AddSet function in set.go to use this new field. The AddSet function is responsible for adding elements to an nftables set. Before the patch, this function did not have a mechanism to specify or handle the byte order of the keys, which, when the keys were IP addresses, would lead to them being encoded incorrectly. The modification to AddSet to consider KeyByteOrder is the fix. Therefore, the AddSet function, in its state before this patch, was the function that processed the IP addresses with the incorrect byte order, making it the vulnerable function.
GoGo| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/google/nftables | go | >= 0.1.0, < 0.2.0 | 0.2.0 |
Ongoing coverage of React2Shell