CVE-2024-21664

Technical details about CVE-2024-21664 are not publicly available in the provided connected documents. Monitor for updates; remediation in the initial description indicates patches in versions 2.0.19 and 1.2.28.

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

GHSA-PVCR-V8J8-J5Q3 Parsing JSON serialized payload without protected field can lead to segfault

Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that calls Parse internally, like jws.Verify. My understanding of these functions from t...

Parsing JSON serialized payload without protected field can lead to segfault

Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that calls Parse internally, like jws.Verify. My understanding of these functions from t...

PT-2024-19006 · Jwx · Jwx

Name of the Vulnerable Software and Affected Versions: jwx versions prior to 1.2.28 jwx versions prior to 2.0.19 Description: The issue arises when calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent, leading to a nil pointer dereference...

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

UBUNTU-CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVE-2023-46239

Summary: CVE-2023-46239 affects quic-go (Go implementation of QUIC). From 0.37.0 up to, but not including, 0.37.3, an attacker could trigger a nil pointer dereference by serializing an ACK frame after cryptographic processing that completes the handshake, causing the node to panic when dropping t...

GHSA-3Q6M-V84F-6P9H quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC transport protocol in Go. By serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node attempted to drop the Handshake packet number space...

PT-2023-29922 · Quic-Go · Quic-Go

Name of the Vulnerable Software and Affected Versions: quic-go versions 0.37.0 through 0.37.2 Description: The issue arises from serializing an ACK frame after the CRYPTO frame, allowing a node to complete the handshake. This can trigger a nil pointer dereference when the node attempts to drop th...

SUSE CVE-2020-29652

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gjg-jgh4-gppm. This link is maintained to preserve external references. Original Description Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if t...

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2021-4236

CVE-2021-4236 affects github.com/ecnepsnai/web. WebSockets with an AuthenticateMethod hook do not execute any AuthenticateMethod, enabling a nil pointer dereference if UserData is assumed non-nil or allowing authentication bypass. Non-WebSocket request handlers are not vulnerable. No remediation/...

ecnepsnai web 代码问题漏洞

Web is a Golang HTTP server by Ian Spence, a personal developer. It is used for complex web applications. A security vulnerability exists in ecnepsnai web, which stems from Web Sockets not executing any AuthenticateMethod method that may be set to cause the nil pointer to be dereferenced if the...

GHSA-MQQV-CHPX-VQ25 goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures

This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1...

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...