DEBIAN-CVE-2021-3716
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-3716
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3716.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-3716
- Upstream
- Published
- 2022-03-02T23:15:09Z
- Modified
- 2025-09-25T23:23:21.984742Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
- References
Affected packages
Debian:11 / nbdkit
Package
- Name
- nbdkit
- Purl
- pkg:deb/debian/nbdkit?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.24.1-2
1.26.3-1
1.26.5-1
1.26.6-1
1.26.6-2
1.28.3-1
1.28.3-2
1.28.4-1
1.28.5-1
1.30.0-1
1.30.2-1
1.30.3-1
1.30.4-1
1.30.6-1
1.30.7-1
1.30.8-1
1.30.9-1
1.32.2-1
1.32.2-2
1.32.2-3
1.32.3-1
1.32.4-1
1.32.5-1
1.34.0-1
1.34.1-1
1.34.2-1
1.34.2-2
1.34.2-3
1.34.2-4
1.34.2-5
1.34.2-6
1.34.2-7
1.34.2-8
1.34.2-9
1.34.2-10
1.34.3-1
1.34.4-1
1.36.0-1
1.36.1-1
1.36.2-1
1.36.3-1
1.38.0-1
1.38.1-1
1.38.2-1
1.38.2-2
1.38.3-1
1.40.0-1
1.40.2-1
1.40.2-2
1.40.3-1
1.40.4-1
1.40.4-2
1.40.4-3
1.40.4-4
1.40.4-5
1.40.4-6
1.40.4-7
1.40.4-8
1.40.4-9
1.40.4-10
1.40.4-11
1.40.5-1
1.42.0-1
1.42.1-1
1.42.2-1
1.42.3-1
1.42.4-1
1.42.6-1
Debian:12 / nbdkit
Package
- Name
- nbdkit
- Purl
- pkg:deb/debian/nbdkit?arch=source
Debian:13 / nbdkit
Package
- Name
- nbdkit
- Purl
- pkg:deb/debian/nbdkit?arch=source
Debian:14 / nbdkit
Package
- Name
- nbdkit
- Purl
- pkg:deb/debian/nbdkit?arch=source