NULL Pointer Dereference
CVE-2021-4236
Summary
WebSockets in github.com/ecnepsnai/web versions from v1.4.0 and prior to 1.5.2 do not execute any "AuthenticateMethod" hook that may be set. This leads either to a nil pointer dereference, if the returned "UserData" pointer is assumed to be non-nil, or to an authentication bypass. The issue only affects WebSockets with an "AuthenticateMethod" hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
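The failure mode in the summary can be reproduced with a small self-contained model. This is an added example, not code from github.com/ecnepsnai/web: the types User and Route, the functions dispatchVulnerable and dispatchFixed, and the sample token are all hypothetical stand-ins for a socket route with an authentication hook.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the flaw; none of these names are the ecnepsnai/web API.
type User struct{ Name string }

type Route struct {
	AuthenticateMethod func(token string) *User // nil result = not authenticated
	Handle             func(u *User) (string, error)
}

var ErrUnauthorized = errors.New("unauthorized")
// Constructed sample data: only the token "good" maps to a user.
var users = map[string]*User{"good": {Name: "alice"}}

func auth(token string) *User { return users[token] }

// trustingHandle assumes the hook already ran, so it dereferences u unchecked.
func trustingHandle(u *User) (string, error) { return "hello " + u.Name, nil }

// dispatchVulnerable models the bug: the socket path never runs the hook.
func dispatchVulnerable(r Route, _ string) (string, error) { return r.Handle(nil) }

// dispatchFixed runs the hook first and rejects the request when it returns nil.
func dispatchFixed(r Route, token string) (string, error) {
	var u *User
	if r.AuthenticateMethod != nil {
		if u = r.AuthenticateMethod(token); u == nil {
			return "", ErrUnauthorized
		}
	}
	return r.Handle(u)
}

// crashes reports whether f panics (here, on the nil pointer dereference).
func crashes(f func()) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f()
	return
}

func main() {
	r := Route{AuthenticateMethod: auth, Handle: trustingHandle}
	fmt.Println(crashes(func() { dispatchVulnerable(r, "bad") }))
	fmt.Println(dispatchFixed(r, "bad"))
}
```

In the vulnerable dispatch even a valid token ends in a panic, because the handler never receives user data; a handler that checks for nil before use stays safe regardless of which dispatch path calls it.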