A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A man-in-the-middle (MitM) attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "17736055569549823576078601167558441071", "252569956524523289579052347941166243611", "297470718666234456831894338929195417055" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "signature_type": "Line", "id": "CVE-2021-3716-07c259cd", "source": "https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd", "target": { "file": "server/protocol-handshake-newstyle.c" } }, { "digest": { "function_hash": "278656485481587851966178619826305884851", "length": 9714.0 }, "deprecated": false, "signature_version": "v1", "signature_type": "Function", "id": "CVE-2021-3716-72881b3f", "source": "https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd", "target": { "function": "negotiate_handshake_newstyle_options", "file": "server/protocol-handshake-newstyle.c" } } ] }