Headline
CVE-2021-45848: Just crashed on Win 11 insider ring · Issue #1777 · nicotine-plus/nicotine-plus
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
Type: <class 'ValueError’>
Value: access: embedded null character in path
Traceback: File "pynicotine/pynicotine.py", line 385, in network_event
File "pynicotine/pynicotine.py", line 1823, in queue_upload
File "pynicotine/transfers.py", line 666, in queue_upload
File "pynicotine/shares.py", line 646, in file_is_shared