19 matches found
SUSE CVE-2026-40195
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
CVE-2026-41647 Incus: Nil-Pointer Dereference via S3 Bucket Import
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...
CVE-2026-41647
CVE-2026-41647 affects Incus, a system container and VM manager. The vulnerability is a nil-pointer dereference during S3 bucket backup import in the internal server/storage/s3 path when processing tar entries; if a non-EOF error is returned by tar, hdr can be nil, leading to a crash of the Incus...
CVE-2026-40195
CVE-2026-40195 affects Incus prior to v7.0.0, causing a nil-pointer dereference in the bucket-import path during bucket restoration from a malformed index.yaml. The bug occurs in CreateBucketFromBackup when srcBackup.Config is not validated (the code accesses srcBackup.Config.Bucket and related f...
CVE-2026-40195
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
CVE-2026-40195
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
Incus 代码问题漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of validation logic in the bucket import process. This allowed authenticated users to use malicious or incorrectly...
GHSA-FWJ8-62R8-8P8M Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
GHSA-GC7J-G665-RXR9 Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
PT-2026-37101
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...