CVE-2021-45848

Name of the Vulnerable Software and Affected Versions Nicotine+ versions 3.0.3 through 3.2.0

Description A denial of service (DoS) issue exists, allowing a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. This can be achieved by exploiting the file path variable in the file download request.

Recommendations For Nicotine+ versions 3.0.3 through 3.2.0, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting file download requests from untrusted sources to minimize the risk of exploitation.