Skip to main content

NULL Pointer Dereference


Severity High
Score 9.8/10


"Web Sockets" do not execute any "AuthenticateMethod" methods which may be set, leading to a nil pointer dereference in versions v1.4.0 prior to 1.5.2 if the returned "UserData" pointer is assumed to be non-nil, or authentication bypass. This issue only affects "WebSockets" with an "AuthenticateMethod" hook. Request handlers that do not explicitly use "WebSockets" are not vulnerable.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published