CVE-2019-13126 — Integer Overflow or Wraparound in Nats-io Nats-server V2

CWE-190 — Integer Overflow or Wraparound5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Nats-io Nats-server V2 Linuxfoundation Nats-server Debian Nats-server

Timeline

PublishedJul 29

Latest updateAug 21

Description

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDlinuxfoundation/nats-server< 2.0.2

▶Gogithub.com/nats-io_nats-server_v2< 2.2.0

▶debiandebian/nats-server

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server↗2024-08-21

▶

OSV

Integer Overflow or Wraparound in NATS Server↗2021-05-18

▶

GHSA

Integer Overflow or Wraparound in NATS Server↗2021-05-18

▶

📋Vendor Advisories

Debian

CVE-2019-13126: nats-server - An integer overflow in NATS Server before 2.0.2 allows a remote attacker to cras...↗2019

▶