CVE-2021-45848

HIGH

nicotine+ 3.0.3-3.2.1 - Denial of Service via File Path Null Character

Title source: llm

Description

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

References (3)

Core 3

Core References

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202210-20

Exploit, Issue Tracking, Patch, Third Party Advisory

https://github.com/nicotine-plus/nicotine-plus/issues/1777

Scores

CVSS v3 7.5

EPSS 0.0034

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-116

Status published

Products (3)

fedoraproject/fedora 34

nicotine-plus/nicotine\+ 3.0.3 - 3.2.1

pypi/nicotine-plus 3.0.3 - 3.2.1PyPI

Published Mar 15, 2022

Tracked Since Feb 18, 2026