nicotine-plus is vulnerable to denial of service. The file_is_shared
function of shares.py
does not properly handle invalid file paths in the file download requests, allowing an attacker to crash the application by providing null characters to the file path.
github.com/advisories/GHSA-p4v2-r99v-wjc2
github.com/nicotine-plus/nicotine-plus/commit/0e3e2fac27a518f0a84330f1ddf1193424522045
github.com/nicotine-plus/nicotine-plus/issues/1777
lists.fedoraproject.org/archives/list/[email protected]/message/HWYV53KERFH2EC4XI2IVVQFTV75E5XM6/
security.gentoo.org/glsa/202210-20