CVE-2021-45848

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-45848

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45848.json

Aliases

GHSA-p4v2-r99v-wjc2

Published

2022-03-15T19:15:07Z

Modified

2023-11-29T09:07:11.738230Z

Details

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

References

https://security.gentoo.org/glsa/202210-20
https://github.com/nicotine-plus/nicotine-plus/issues/1777
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/

Affected packages

Git / github.com/nicotine-plus/nicotine-plus

Affected ranges

Type: GIT
Repo: https://github.com/nicotine-plus/nicotine-plus
Events: Introduced

90c131247861357c59fdcfdd23f7d91ed8321b3d

Fixed

7b48bce1d28da336224144d9bd08e7a8cd255837

Affected versions

3.*

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

3.2.0