Skip to main content

Nats Server CVE-2019-13126

HIGH
Integer Overflow or Wraparound (CWE-190)
2019-07-29 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch released
Mar 30, 2026 - 14:37 nvd
Patch available
CVE Published
Jul 29, 2019 - 17:15 nvd
HIGH 7.5

DescriptionCVE.org

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

AnalysisAI

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. Affected products include: Linuxfoundation Nats-Server. Version information: before 2.0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2021-3127 HIGH POC
7.5 Mar 16

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings ar

CVE-2020-26892 CRITICAL
9.8 Nov 06

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are han

CVE-2020-28466 HIGH
7.5 Mar 07

This affects all versions of package github.com/nats-io/nats-server/server. Rated high severity (CVSS 7.5), this vulnera

CVE-2022-24450 HIGH
8.8 Feb 08

NATS nats-server before 2.7.2 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2026-58253 HIGH
8.8 Jul 06

Authentication bypass in NATS Server (nats-io/nats-server) lets an unauthenticated attacker on an adjacent network conne

CVE-2026-58250 HIGH
7.5 Jul 06

Remote denial of service in the NATS Server (nats-io/nats-server) leafnode subsystem allows unauthenticated attackers to

CVE-2026-58210 HIGH
7.5 Jul 06

Denial of service in NATS Server (nats-server) MQTT handler allows a remote, unauthenticated client to exhaust server me

CVE-2026-58208 HIGH
7.5 Jul 06

Remote denial-of-service in NATS Server (nats-server) affects deployments with the WebSocket listener enabled but MQTT d

CVE-2023-46129 HIGH
7.5 Oct 31

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise,

CVE-2020-26521 HIGH
7.5 Nov 06

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). Rated high s

CVE-2026-58213 HIGH
7.1 Jul 06

Protocol injection in NATS Server MQTT support allows an authenticated MQTT client to smuggle control characters (tab, n

CVE-2022-26652 MEDIUM
6.5 Mar 10

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStre

Share

CVE-2019-13126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy