NULL Pointer Dereference

CVE-2021-4236

High

9.8/10

Summary

"Web Sockets" do not execute any "AuthenticateMethod" methods which may be set, leading to a nil pointer dereference in github.com/ecnepsnai/web versions v1.4.0 prior to 1.5.2 if the returned "UserData" pointer is assumed to be non-nil, or authentication bypass. This issue only affects "WebSockets" with an "AuthenticateMethod" hook. Request handlers that do not explicitly use "WebSockets" are not vulnerable.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory
Advisory
Advisory
Release Note

Advisory Timeline

Published Dec 27, 2022

NULL Pointer Dereference

CVE-2021-4236

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS