Integer Overflow or Wraparound in NATS Server · CVE-2019-13126 · GitHub Advisory Database · GitHub

Integer Overflow or Wraparound in NATS Server

High severity GitHub Reviewed Published May 18, 2021 to the GitHub Advisory Database • Updated Sep 29, 2023

Package

github.com/nats-io/nats-server/v2 (Go)

Affected versions

< 2.2.0

Patched versions

2.2.0

Description

An integer overflow in NATS Server before 2.2.0 allows a remote attacker to crash the server by sending a crafted request.

Specific Go Packages Affected

github.com/nats-io/nats-server/v2/server

References

Published by the National Vulnerability Database

Jul 29, 2019

Reviewed May 17, 2021

Published to the GitHub Advisory Database May 18, 2021

Last updated Sep 29, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H