Description
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-4mhv-8rh3-4ghw
Scores
CVSS v3
5.3
EPSS
0.0006
EPSS Percentile
18.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (3)
dragonfly/v2
0 - 2.1.0Go
dragonflyoss/dragonfly
0 - 2.1.0Go
linuxfoundation/dragonfly
< 2.1.0
Published
Sep 17, 2025
Tracked Since
Feb 18, 2026