113 matches found
User Impersonation
Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to User Impersonation through the processServiceImport request-info header handling in leafnode...
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers. Problem...
GHSA-55H8-8G96-X4HJ NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers. Problem...
Improper Handling of Unexpected Data Type
Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type through the leafnode connection handling in...
GHSA-VPRV-35VV-Q339 NATS has pre-auth server panic via leafnode handling
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. Problem Description: A client which can conne...
NATS has pre-auth server panic via leafnode handling
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. Problem Description: A client which can conne...
GHSA-52JH-2XXH-PWH6 NATS Server panic via malicious compression on leafnode port
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...
NATS Server panic via malicious compression on leafnode port
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...
NULL Pointer Dereference
Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the compression process on the leafnode port. An attacker can...
PT-2026-27619
Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.15; NATS-Server versions prior to 2.12.6. Description: NATS-Server provides a Nats-Request-Info: message header intended for account or user identification, allowing clients to make trust decisions based on...
PT-2026-27612
Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.14; NATS-Server versions prior to 2.12.5. Description: NATS-Server, a high-performance messaging system, is susceptible to a server panic when configured as a leafnode. This occurs pre-authentication and require...
PT-2026-27615
Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.15; NATS-Server versions prior to 2.12.6. Description: NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. A client connected to the leafnode port can crash the server...
CVE-2005-1911
The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss)...
EUVD-2005-1913
Malware in sbrugna...
EUVD-2002-1642
Malware in sbrugna...
EUVD-2003-0735
Malware in sbrugna...
EUVD-2004-2060
Malware in sbrugna...
SUSE CVE-2005-1911
The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss)...
Operating System (OS) Detection (NNTP)
NNTP server based Operating System (OS) detection. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
leafnode Cross-Posted Article Group Name Prefix DoS
According to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may go into an infinite loop with 100% CPU use when an article that has been crossposted to several groups, one of which is the prefix of another, and when this article i...