VDB
KO
HIGH 7.5

PYSEC-2026-687

Nicotine+ DoS on Null Character in Download Request

Details

Denial of service (DoS) vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nicotine-plus
Introduced in: 3.0.3 Fixed in: 3.2.1
Fix pip install --upgrade 'nicotine-plus>=3.2.1'

References