Lucene search
Veracode Vulnerability DatabaseVERACODE:34706HistoryMar 16, 2022 - 3:52 a.m.
Denial Of Service (DoS)
2022-03-1603:52:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
denial of service
shares.py
file path
application crash
file download vulnerability
EPSS
0.002
Percentile
54.0%
nicotine-plus is vulnerable to denial of service. The file_is_shared function of shares.py does not properly handle invalid file paths in the file download requests, allowing an attacker to crash the application by providing null characters to the file path.
References
github.com/advisories/GHSA-p4v2-r99v-wjc2
github.com/nicotine-plus/nicotine-plus/commit/0e3e2fac27a518f0a84330f1ddf1193424522045
github.com/nicotine-plus/nicotine-plus/issues/1777
lists.fedoraproject.org/archives/list/[email protected]/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/
security.gentoo.org/glsa/202210-20
Related
fedora
fedora
[SECURITY] Fedora 34 Update: nicotine+-3.2.1-1.fc34
2022-03-24 14:53:09
nessus
nessus
GLSA-202210-20 : Nicotine+: Denial of Service
2022-11-03 00:00:00
github
github
Nicotine+ DoS on Null Character in Download Request
2022-03-16 00:00:38
osv
osv
Nicotine+ DoS on Null Character in Download Request
2022-03-16 00:00:38
CVE-2021-45848
2022-03-15 19:15:07
freebsd
freebsd
py-nicotine-plus -- Denial of service vulnerability
2022-03-16 00:00:00
cve
cve
CVE-2021-45848
2022-03-15 19:15:07
openvas
openvas
Fedora: Security Advisory for nicotine+ (FEDORA-2022-066232000e)
2022-03-25 00:00:00
nvd
nvd
CVE-2021-45848
2022-03-15 19:15:07
cvelist
cvelist
CVE-2021-45848
2022-03-15 00:00:00
gentoo
gentoo
Nicotine+: Denial of Service
2022-10-31 00:00:00
prion
prion
Design/Logic Flaw
2022-03-15 19:15:00