Man-in-the-middle (MITM)

2021-08-2202:36:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

42.9%

JSON

nbdkit:sid is vulnerable to man-in-the-middle. A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session.

CPENameOperatorVersion
nbdkit:sideq1.22.3-1.1+b1
nbdkiteq1.24.0__4.module_el8.6.0+1087+b42c8331
nbdkiteq1.4.2__4.module+el8.0.0+3273+6bc1ee54
nbdkiteq1.12.5__1.module+el8.1.0+3868+35f94834
nbdkiteq1.16.2__4.module_el8.5.0+746+bbd5d70c
nbdkiteq1.4.2__4.module+el8.0.0.z+3438+2851622e
nbdkiteq1.24.0__3.module+el8.5.0+13900+a08c0464
nbdkiteq1.16.2__2.module+el8.2.0+5664+dd92f997
nbdkiteq1.16.2__4.el8
nbdkiteq1.4.2__5.module_el8.0.0+189+f9babebb

Name	Operator	Version
nbdkit:sid	eq	1.22.3-1.1+b1
nbdkit	eq	1.24.0__4.module_el8.6.0+1087+b42c8331
nbdkit	eq	1.4.2__4.module+el8.0.0+3273+6bc1ee54
nbdkit	eq	1.12.5__1.module+el8.1.0+3868+35f94834
nbdkit	eq	1.16.2__4.module_el8.5.0+746+bbd5d70c
nbdkit	eq	1.4.2__4.module+el8.0.0.z+3438+2851622e
nbdkit	eq	1.24.0__3.module+el8.5.0+13900+a08c0464
nbdkit	eq	1.16.2__2.module+el8.2.0+5664+dd92f997
nbdkit	eq	1.16.2__4.el8
nbdkit	eq	1.4.2__5.module_el8.0.0+189+f9babebb