PT-2019-13141 · Nats · Nats Server
Ariel Zelivansky
+1
·
Published
2019-07-29
·
Updated
2024-08-21
·
CVE-2019-13126
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NATS Server versions prior to 2.2.0
Description
The issue is caused by an integer overflow that allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, the attacker must first authenticate. This can be exploited by sending a specifically crafted request to the server.
Recommendations
For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nats Server