Vulnerability CVE-2021-45848

Vulnerability CVE-2021-45848

Published: 2022-03-15

Description:

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

Type:

CWE-116

(Improper Encoding or Escaping of Output)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Nicotine-plus -> Nicotine\+

References:

https://github.com/nicotine-plus/nicotine-plus/issues/1777

Copyright 2024, cxsecurity.com