315 matches found
CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...
GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...
PT-2026-37259
Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...
GHSA-P4GQ-3VXJ-F4JQ Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
GHSA-FWJ8-62R8-8P8M Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
GHSA-R7W7-MMXR-47R9 Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
GHSA-GC7J-G665-RXR9 Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
PT-2026-37171
Name of the Vulnerable Software and Affected Versions Argo Workflows versions 4.0.0 through 4.0.4 Description A nil pointer dereference in the rbacAuthorization function within server/auth/gatekeeper.go can lead to a denial of service for SSO users. This occurs when SSO DELEGATE RBAC TO NAMESPACE...
PT-2026-37101
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...
PT-2026-37137
Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
PT-2026-37135
Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...