6 matches found
NATS Server: Pre-auth server crash via double INFO in leafnode handshake
...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the server t...
CVE-2026-58250
CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...
CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...
PT-2026-56563
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.12.8 NATS Server versions prior to 2.11.17 Description An unauthenticated peer with network access to a leafnode listener with compression enabled can cause the server to crash. This occurs during the...