332 matches found

OSV
added 2024/01/09 4:18 p.m. · 18 views

GHSA-PVCR-V8J8-J5Q3 Parsing JSON serialized payload without protected field can lead to segfault

Summary: Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details: This seems to also affect other functions that call Parse internally, like jws.Verify. My understanding of these functions from t...

CVSS 4.3 · AI score 7.4 · EPSS 0.00864 · Exploits 1 · References 6

Positive Technologies
added 2024/01/09 12:0 a.m. · 5 views

PT-2024-19006 · Jwx · Jwx

Name of the Vulnerable Software and Affected Versions: jwx versions prior to 1.2.28; jwx versions prior to 2.0.19. Description: The issue arises when calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent, leading to a nil pointer dereference...

CVSS 7.5 · AI score 6.5 · EPSS 0.00864 · Exploits 1 · References 11

NVD
added 2023/10/31 4:15 p.m. · 30 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 7.4 · EPSS 0.00765 · Exploits 0 · References 3

UbuntuCve
added 2023/10/31 4:15 p.m. · 15 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 7.1 · EPSS 0.00765 · Exploits 0 · References 3

OSV
added 2023/10/31 4:15 p.m. · 3 views

UBUNTU-CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 5.8 · EPSS 0.00765 · Exploits 0 · References 4

CVE
added 2023/10/31 3:2 p.m. · 95 views

CVE-2023-46239

Summary: CVE-2023-46239 affects quic-go (Go implementation of QUIC). From 0.37.0 up to, but not including, 0.37.3, an attacker could trigger a nil pointer dereference by serializing an ACK frame after cryptographic processing that completes the handshake, causing the node to panic when dropping t...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765 · Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/10/30 3:8 p.m. · 26 views

GHSA-3Q6M-V84F-6P9H quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC transport protocol in Go. By serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node attempted to drop the Handshake packet number space...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765 · Exploits 0 · References 5

Positive Technologies
added 2023/10/30 12:0 a.m. · 4 views

PT-2023-29922 · Quic-Go · Quic-Go

Name of the Vulnerable Software and Affected Versions: quic-go versions 0.37.0 through 0.37.2. Description: The issue arises from serializing an ACK frame after the CRYPTO frame, allowing a node to complete the handshake. This can trigger a nil pointer dereference when the node attempts to drop th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765 · Exploits 0 · References 13

SUSE CVE
added 2023/02/15 3:51 a.m. · 3 views

SUSE CVE-2020-29652

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

CVSS 7.5 · AI score 8.5 · EPSS 0.03228 · Exploits 0 · References 2

Github Security Blog
added 2022/12/28 12:30 a.m. · 24 views

Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gjg-jgh4-gppm. This link is maintained to preserve external references. Original Description: Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if t...

CVSS 9.8 · AI score 8.2 · EPSS 0.01116 · Exploits 1 · References 4 · Affected Software 1

NVD
added 2022/12/27 10:15 p.m. · 25 views

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVSS 9.8 · EPSS 0.01116 · Exploits 1 · References 2

OSV
added 2022/12/27 10:15 p.m. · 31 views

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVSS 9.8 · AI score 9.7 · Exploits 0 · References 2

Vulnrichment
added 2022/12/27 9:13 p.m. · 4 views

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

AI score 9.7 · EPSS 0.01116 · Exploits 1 · References 2

CVE
added 2022/12/27 9:13 p.m. · 87 views

CVE-2021-4236

CVE-2021-4236 affects github.com/ecnepsnai/web. WebSockets with an AuthenticateMethod hook do not execute any AuthenticateMethod, enabling a nil pointer dereference if UserData is assumed non-nil or allowing authentication bypass. Non-WebSocket request handlers are not vulnerable. No remediation/...

CVSS 9.8 · AI score 9.7 · EPSS 0.01116 · Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2022/12/27 12:0 a.m. · 3 views

ecnepsnai web code issue vulnerability

Web is a Golang HTTP server by Ian Spence, a personal developer. It is used for complex web applications. A security vulnerability exists in ecnepsnai web, which stems from Web Sockets not executing any AuthenticateMethod method that may be set to cause the nil pointer to be dereferenced if the...

CVSS 9.8 · AI score 8.2 · EPSS 0.01116 · Exploits 1 · References 3

OSV
added 2022/10/07 7:17 a.m. · 20 views

GHSA-MQQV-CHPX-VQ25 goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures

This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1...

CVSS 7.5 · AI score 7.2 · EPSS 0.01755 · Exploits 1 · References 6

Vulnrichment
added 2022/06/27 8:10 p.m. · 9 views

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

CVSS 4 · AI score 4.7 · EPSS 0.00761 · Exploits 0 · References 3

Vulnrichment
added 2022/06/27 8:10 p.m. · 6 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 4.2 · AI score 5.6 · EPSS 0.00614 · Exploits 1 · References 2

OSV
added 2022/06/27 8:10 p.m. · 29 views

CVE-2022-31076 Malicious Message can crash CloudCore in KubeEdge

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 4.2 · AI score 5.4 · EPSS 0.00614 · Exploits 1 · References 4

Veracode
added 2022/06/27 6:34 a.m. · 24 views

Denial Of Service (DoS)

github.com/kubeedge/kubeedge is vulnerable to denial of service. The vulnerability exists in ExtractMessage function because of a message response causing a nil-pointer dereference in CSI Driver controller server which allows an attacker to send malicious messages causing an application crash...

CVSS 5.7 · AI score 5.3 · EPSS 0.00761 · Exploits 0 · References 9 · Affected Software 1