CVE-2025-59351
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-18

Assigner: GitHub, Inc.

Description
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-18
Generated
2026-05-07
AI Q&A
2025-09-17
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59351
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation dragonfly to 2.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in Dragonfly versions prior to 2.1.0, where a function's first return value is dereferenced even if the function returns an error. This can lead to a nil pointer dereference, causing the program to panic (crash). The issue is fixed in version 2.1.0.


How can this vulnerability impact me? :

The vulnerability can cause the Dragonfly system to crash unexpectedly due to a nil pointer dereference. This may lead to denial of service or interruption of file distribution and image acceleration services.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Dragonfly to version 2.1.0 or later, as this version contains the fix for the vulnerability that causes a nil dereference and code panic.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart