CVE-2021-45848

Published: Mar 15, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

Affected (2)

Products: Nicotine Plus: Nicotine+ · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nicotine Plus Nicotine+	From 3.0.3 to 3.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (6)

https://github.com/nicotine-plus/nicotine-plus/issues/1777

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202210-20

Source: cve@mitre.org

Third Party Advisory

https://github.com/nicotine-plus/nicotine-plus/issues/1777

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202210-20

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.