Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
References
Link | Resource |
---|---|
https://github.com/nicotine-plus/nicotine-plus/issues/1777 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/ | |
https://security.gentoo.org/glsa/202210-20 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Nov 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-20 - Third Party Advisory |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/nicotine-plus/nicotine-plus/issues/1777 - Exploit, Issue Tracking, Patch, Third Party Advisory |
24 Mar 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Mar 2022, 19:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/nicotine-plus/nicotine-plus/issues/1777 - Exploit, Third Party Advisory | |
CWE | CWE-116 | |
CPE | cpe:2.3:a:nicotine-plus:nicotine\+:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
Nicotine-plus
Nicotine-plus nicotine\+ |
15 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-15 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-45848
Mitre link : CVE-2021-45848
CVE.ORG link : CVE-2021-45848
JSON object : View
Products Affected
fedoraproject
- fedora
nicotine-plus
- nicotine\+
CWE
CWE-116
Improper Encoding or Escaping of Output