ID

VAR-202011-0400


CVE

CVE-2020-26521


TITLE

NULL pointer dereference vulnerability in NATS nats-server

Trust: 0.8

sources: JVNDB: JVNDB-2020-013019

DESCRIPTION

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture.

Trust: 2.16

sources: NVD: CVE-2020-26521 // JVNDB: JVNDB-2020-013019 // CNNVD: CNNVD-202011-672

AFFECTED PRODUCTS

vendor: fedoraproject, model: fedora, scope: eq, version: 33

Trust: 1.0

vendor: linuxfoundation, model: nats-server, scope: lt, version: 2.1.9

Trust: 1.0

vendor: nats, model: server, scope: eq, version: 2.1.9

Trust: 0.8

vendor: nats, model: server, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013019 // NVD: CVE-2020-26521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26521
value: HIGH

Trust: 1.0

NVD: CVE-2020-26521
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-672
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-26521
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26521
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-26521
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013019 // CNNVD: CNNVD-202011-672 // NVD: CVE-2020-26521

PROBLEMTYPE DATA

problemtype: CWE-476

Trust: 1.0

problemtype: NULL pointer dereference (CWE-476) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013019 // NVD: CVE-2020-26521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-672

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-672

PATCH

title: nats-server, url: https://github.com/nats-io/nats-server/commits/master

Trust: 0.8

title: NATS nats-server Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133810

Trust: 0.6

sources: JVNDB: JVNDB-2020-013019 // CNNVD: CNNVD-202011-672

EXTERNAL IDS

db: OPENWALL, id: OSS-SECURITY/2020/11/02/2

Trust: 2.4

db: NVD, id: CVE-2020-26521

Trust: 2.4

db: JVNDB, id: JVNDB-2020-013019

Trust: 0.8

db: CNNVD, id: CNNVD-202011-672

Trust: 0.6

sources: JVNDB: JVNDB-2020-013019 // CNNVD: CNNVD-202011-672 // NVD: CVE-2020-26521

REFERENCES

url: http://www.openwall.com/lists/oss-security/2020/11/02/2

Trust: 2.4

url: https://github.com/nats-io/nats-server/commits/master

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-26521

Trust: 1.4

url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vt67xcliibyrt762svfbyfftqfvsm3si/

Trust: 1.0

url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vt67xcliibyrt762svfbyfftqfvsm3si/

Trust: 0.6

sources: JVNDB: JVNDB-2020-013019 // CNNVD: CNNVD-202011-672 // NVD: CVE-2020-26521

SOURCES

db: JVNDB, id: JVNDB-2020-013019
db: CNNVD, id: CNNVD-202011-672
db: NVD, id: CVE-2020-26521

LAST UPDATE DATE

2024-11-23T22:16:16.710000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-013019, date: 2021-06-17T06:12:00
db: CNNVD, id: CNNVD-202011-672, date: 2021-01-12T00:00:00
db: NVD, id: CVE-2020-26521, date: 2024-11-21T05:19:59.290

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-013019, date: 2021-06-17T00:00:00
db: CNNVD, id: CNNVD-202011-672, date: 2020-11-06T00:00:00
db: NVD, id: CVE-2020-26521, date: 2020-11-06T08:15:13.563