NULL Pointer Dereference
CVE-2025-13425
Summary
A bug in the filesystem traversal fallback path causes "fs/diriterate/diriterate.go:Next()" to index into an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash, a denial of service (DoS), in OSV-SCALIBR. This issue affects versions prior to 0.3.4.
- LOW
- LOCAL
- NONE
- LOW
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
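The bug class described in the Summary, as an added Go example (not OSV-SCALIBR's code): a hypothetical `iter` type whose buffered `entries` slice is nil for an empty directory, with an unchecked `Next` beside a length-checked one. The type, method and helper names are assumptions, and the sample tree is constructed.

```go
package main

import (
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

// iter is a hypothetical iterator, not OSV-SCALIBR's code. entries holds what
// the ReadDir fallback returned: nil for an empty directory.
type iter struct{ entries []fs.DirEntry }

// nextUnchecked indexes without a length check, so an empty directory
// panics with "index out of range [0] with length 0".
func (it *iter) nextUnchecked() (fs.DirEntry, error) {
	e := it.entries[0]
	it.entries = it.entries[1:]
	return e, nil
}

// nextChecked returns io.EOF when the buffer is empty or was never filled.
func (it *iter) nextChecked() (fs.DirEntry, error) {
	if len(it.entries) == 0 {
		return nil, io.EOF
	}
	e := it.entries[0]
	it.entries = it.entries[1:]
	return e, nil
}

// panics reports whether calling next panicked instead of returning.
func panics(next func() (fs.DirEntry, error)) (p bool) {
	defer func() { p = recover() != nil }()
	next()
	return false
}

func main() {
	fsys := fstest.MapFS{"full/a.txt": {}} // constructed sample tree
	full, _ := fs.ReadDir(fsys, "full")
	it := &iter{entries: full}
	for e, err := it.nextChecked(); err == nil; e, err = it.nextChecked() {
		fmt.Println("entry:", e.Name())
	}
	fmt.Println(panics((&iter{}).nextUnchecked), panics((&iter{}).nextChecked))
}
```

A regression test for this class of bug should run the iterator over an empty directory and assert that it ends with `io.EOF` rather than a panic.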