CVE-2025-27701

Medium CVSS 5.5

Overview

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

CWE: CWE-476 Published: 2025-05-27T16:15:31.390

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.5 (MEDIUM)
Detected tags: dos, info_leak, oob (tag impact: LOW)

Recommended actions:

Rate limiting, resource quotas and circuit breakers.
Reduce verbose errors, remove debug endpoints, minimize PII in logs.

Overview

Recommended tools

Tags