CVE-2019-13126
published 2019-07-29

Priority: P342, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.74% (74.9th percentile)

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nats-server | | |
| github.com | nats-io_nats-server_v2 | >= 0 < 2.2.0 | 2.2.0 |
| linuxfoundation | nats-server | < 2.0.2 | 2.0.2 |

CVSS provenance

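| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_debian | | 7.5 | LOW | |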