324 matches found
SUSE CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785
A flaw was found in quic-go. This vulnerability allows a malicious QUIC client to cause a nil-pointer dereference, leading to an application-level denial of service via specially crafted ACK packets following spoofed path validation probes. Mitigation Mitigation for this issue is either not...
CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
DEBIAN-CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
UBUNTU-CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785
CVE-2025-29785 affects quic-go. The vulnerability stems from the loss recovery logic for path probe packets added in v0.50.0, which can trigger a nil-pointer dereference when a malicious QUIC client sends specific crafted ACKs after starting from multiple remote addresses and allowing path probe ...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
PT-2025-23490 · Quic-Go +1 · Quic-Go +1
Name of the Vulnerable Software and Affected Versions: quic-go versions 0.50.0 Description: The loss recovery logic for path probe packets in quic-go can be exploited by a malicious QUIC client to trigger a nil-pointer dereference. This is achieved by sending valid QUIC packets from different...
CVE-2023-46239
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
CVE-2022-31077
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...
CVE-2022-31076
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...
SUSE CVE-2024-37820
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
GO-2024-3284 PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb
PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
GO-2024-3277 Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes...
PingCAP TiDB nil pointer dereference
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
GHSA-9G6G-XQV5-8G5W PingCAP TiDB nil pointer dereference
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
CVE-2024-37820
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
CVE-2024-37820
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...