9663 matches found
GHSA-98VH-X9CX-9CFP Incus is affected by unbounded binary import disk exhaustion
Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...
Incus is affected by unbounded binary import disk exhaustion
Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
GHSA-X5R6-JR56-89PV Incus has Nil Dereferences on Restore via Malformed YAML
Summary Details It was found that backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
CVE-2026-5656
A flaw was found in Wireshark. A path traversal can occur when a malformed configuration profile is imported, resulting in a denial of service or potentially in code execution. Mitigation To mitigate this flaw, do not import configuration profiles from untrusted or unverified sources...
Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
GHSA-FWJ8-62R8-8P8M Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...
Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...
GHSA-R7W7-MMXR-47R9 Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
GHSA-GC7J-G665-RXR9 Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...