{"id":"CVE-2021-3716","details":"A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.","modified":"2026-05-18T20:16:41.819565Z","published":"2022-03-02T23:15:09.013Z","related":["ALSA-2022:1759","openSUSE-SU-2024:11078-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*"],"vendor_product":"redhat:enterprise_linux","extracted_events":[{"last_affected":"8.0"},{"last_affected":"8.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://listman.redhat.com/archives/libguestfs/2021-August/msg00083.html"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2021/08/18/2"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1994695"},{"type":"FIX","url":"https://gitlab.com/nbdkit/nbdkit/-/commit/09a13dafb7bb3a38ab52eb5501cba786365ba7fd"},{"type":"FIX","url":"https://gitlab.com/nbdkit/nbdkit/-/commit/6c5faac6a37077cf2366388a80862bb00616d0d8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/nbdkit/nbdkit","events":[{"introduced":"e04c01350cbec0084bdcdca0e35f68724a7ff957"},{"fixed":"6d28ae47be983be20641d10058cd07f8db29ecfc"},{"introduced":"2481e0ae01553e9329fb808ae332f8063bed1ee3"},{"fixed":"c6a62333c8e48dbc0067e8a059df5cb8e3f01f87"},{"introduced":"a6ca20406b4d58af636c4da642ec48d1abf9e787"},{"fixed":"8eea35876b9829a691e596f8c22a1ae57cea6c46"},{"fixed":"09a13dafb7bb3a38ab52eb5501cba786365ba7fd"},{"fixed":"6c5faac6a37077cf2366388a80862bb00616d0d8"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"1.11.8"},{"fixed":"
1.24.6"},{"introduced":"1.25.1"},{"fixed":"1.26.5"},{"introduced":"1.27.1"},{"fixed":"1.27.6"}],"cpe":"cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*"}}],"versions":["v1.27.7","v1.27.6","v1.26.4","v1.26.3","v1.27.5","v1.24.0","v1.27.4","v1.24.5","v1.26.2","v1.27.3","v1.27.2","v1.26.1","v1.27.1","v1.26.0","v1.25.9","v1.24.4","v1.25.8","v1.24.3","v1.25.7","v1.25.6","v1.25.5","v1.24.2","v1.25.4","v1.25.3","v1.24.1","v1.25.2","v1.25.1","v1.23.13","v1.23.12","v1.23.11","v1.23.10","v1.23.9","v1.23.8","v1.23.7","v1.23.6","v1.23.5","v1.23.4","v1.23.3","v1.23.2","v1.23.1","v1.21.26","v1.21.25","v1.21.24","v1.21.23","v1.21.22","v1.21.21","v1.21.20","v1.21.19","v1.21.18","v1.21.17","v1.21.16","v1.21.15","v1.21.14","v1.21.13","v1.21.12","v1.21.11","v1.21.10","v1.21.9","v1.21.8","v1.21.7","v1.21.6","v1.21.5","v1.21.4","v1.21.3","v1.21.2","v1.21.1","v1.20.0","v1.19.12","v1.19.11","v1.19.10","v1.19.9","v1.19.8","v1.19.7","v1.19.6","v1.19.5","v1.19.4","v1.19.3","v1.19.2","v1.19.1","v1.18.0","v1.17.11","v1.17.10","v1.17.9","v1.17.8","v1.17.7","v1.17.6","v1.17.5","v1.17.4","v1.17.3","v1.17.2","v1.16.0","v1.17.1","v1.15.8","v1.15.7","v1.15.6","v1.15.5","v1.15.4","v1.15.3","v1.15.2","v1.15.1","v1.14.0","v1.13.9","v1.13.8","v1.13.7","v1.13.6","v1.13.5","v1.13.4","v1.13.3","v1.13.2","v1.13.1","v1.13.0","v1.12.0","v1.11.15","v1.11.14","v1.11.13","v1.11.12","v1.11.11","v1.11.10","v1.11.9","v1.11.8"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["17736055569549823576078601167558441071","252569956524523289579052347941166243611","297470718666234456831894338929195417055"],"threshold":0.9},"target":{"file":"server/protocol-handshake-newstyle.c"},"signature_version":"v1","id":"CVE-2021-3716-07c259cd","deprecated":false,"source":"https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd","signature_type":"Line"},{"digest":{"line_hashes":["333482206296967489735886764046295964344","119471980424718382355237920729822312416","354708292059306544598635409003669673",
"204350468158886587735548122882836647246"],"threshold":0.9},"target":{"file":"server/protocol-handshake-newstyle.c"},"signature_version":"v1","id":"CVE-2021-3716-37e6bdf7","deprecated":false,"source":"https://gitlab.com/nbdkit/nbdkit@6c5faac6a37077cf2366388a80862bb00616d0d8","signature_type":"Line"},{"digest":{"function_hash":"278656485481587851966178619826305884851","length":9714},"target":{"function":"negotiate_handshake_newstyle_options","file":"server/protocol-handshake-newstyle.c"},"signature_version":"v1","id":"CVE-2021-3716-72881b3f","deprecated":false,"source":"https://gitlab.com/nbdkit/nbdkit@09a13dafb7bb3a38ab52eb5501cba786365ba7fd","signature_type":"Function"},{"digest":{"function_hash":"107471052006344028215705987130228423204","length":9751},"target":{"function":"negotiate_handshake_newstyle_options","file":"server/protocol-handshake-newstyle.c"},"signature_version":"v1","id":"CVE-2021-3716-82631061","deprecated":false,"source":"https://gitlab.com/nbdkit/nbdkit@6c5faac6a37077cf2366388a80862bb00616d0d8","signature_type":"Function"}],"vanir_signatures_modified":"2026-05-18T20:16:41Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3716.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}