Denial Of Service (DoS)

2023-01-1718:59:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

nautilus

vulnerability

get_basename

function

software

dos

null pointer

zip archive

0.001 Low

EPSS

Percentile

27.2%

JSON

nautilus is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the null pointer dereference in the get_basename of the library, allowing an attacker to cause an application crash through the pasted ZIP archive.

CPENameOperatorVersion
nautilus:focaleq1:3.36.3-0ubuntu1
nautilus:focaleq1:3.36.1.1-1ubuntu2
nautilus:bioniceq1:3.26.4-0~ubuntu18.04.5
nautilus:bioniceq1:3.26.3-0ubuntu4
nautilus:develeq1:3.38.2-1ubuntu1
nautilus:develeq1:40.2-1ubuntu1
nautilus:develeq1:3.38.1-1ubuntu1
nautilus:develeq1:3.37.90-1ubuntu1
nautilus:sideq3.38.1-1
nautilus:focaleq1:3.36.3-0ubuntu1

Name	Operator	Version
nautilus:focal	eq	1:3.36.3-0ubuntu1
nautilus:focal	eq	1:3.36.1.1-1ubuntu2
nautilus:bionic	eq	1:3.26.4-0~ubuntu18.04.5
nautilus:bionic	eq	1:3.26.3-0ubuntu4
nautilus:devel	eq	1:3.38.2-1ubuntu1
nautilus:devel	eq	1:40.2-1ubuntu1
nautilus:devel	eq	1:3.38.1-1ubuntu1
nautilus:devel	eq	1:3.37.90-1ubuntu1
nautilus:sid	eq	3.38.1-1
nautilus:focal	eq	1:3.36.3-0ubuntu1