A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
{ "binaries": [ { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit" }, { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit-plugin-dev" }, { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit-plugin-guestfs" }, { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit-plugin-libvirt" }, { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit-plugin-perl" }, { "binary_version": "1.1.11-1build1", "binary_name": "nbdkit-plugin-python" } ] }
{ "binaries": [ { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-dev" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-guestfs" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-libvirt" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-lua" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-perl" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-python" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-ruby" }, { "binary_version": "1.16.2-1ubuntu3", "binary_name": "nbdkit-plugin-tcl" } ] }
{ "binaries": [ { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-dev" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-guestfs" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-libvirt" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-lua" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-perl" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-python" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-ruby" }, { "binary_version": "1.24.1-2ubuntu4", "binary_name": "nbdkit-plugin-tcl" } ] }
{ "binaries": [ { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-dev" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-guestfs" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-libvirt" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-lua" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-perl" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-python" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-ruby" }, { "binary_version": "1.36.3-1ubuntu10", "binary_name": "nbdkit-plugin-tcl" } ] }
{ "binaries": [ { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-dev" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-guestfs" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-libvirt" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-lua" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-perl" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-python" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-tcl" }, { "binary_version": "1.42.2-1ubuntu1", "binary_name": "nbdkit-plugin-vddk" } ] }