2 matches found
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2023-35925
FastAsyncWorldEdit FAWE is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword case-sensitive! and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6...