GHSA-FWHJ-785H-43HH: Denial of Service via Null Pointer Dereference in OliveTin
Vulnerability ID: GHSA-FWHJ-785H-43HH
CVSS Score: 7.5
Published: 2026-03-05
A Null Pointer Dereference vulnerability has been identified in OliveTin, an open-source web interface for shell commands. The flaw lies in the API handlers responsible for action execution and management: an unauthenticated remote attacker can issue a sequence of API calls that leaves the server holding an action whose binding is nil, and the handler dereferences that binding without checking it. The resulting Go panic crashes the application process, causing a Denial of Service (DoS).
TL;DR
OliveTin versions prior to 3000.11.1 are vulnerable to a Denial of Service attack. Unauthenticated attackers can crash the server by sending a specific sequence of HTTP requests that triggers a nil pointer dereference in OliveTin's Go code; the Go runtime turns the dereference into an unrecovered panic that terminates the process. A patch is available in version 3000.11.1.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-476
- CWE Name: NULL Pointer Dereference
- Attack Vector: Network
- Impact: Denial of Service
- CVSS Score: 7.5 (High)
- Exploit Status: POC Available
Affected Systems
- OliveTin: < 3000.11.1 (Fixed in: 3000.11.1)
Code Analysis
Commit: bb14c5d
Fix potential crash when action binding is nil
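The commit message above names the condition (a nil action binding) but the page does not reproduce the patched code. The Go program below is an added illustration, not OliveTin's code and not the contents of commit bb14c5d: it models a hypothetical in-memory action registry (`Registry`, `ActionBinding`), shows the vulnerable pattern in which a handler dereferences the lookup result unconditionally, and sets the hardened form beside it, where a nil binding becomes an HTTP 404 instead of a process-killing panic. The remove-then-execute request sequence, the `/execute` path and the `actionId` query parameter are assumptions chosen for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// ActionBinding is an illustrative stand-in for the per-action state a
// handler resolves before running a command. It is NOT OliveTin's type.
type ActionBinding struct {
	ID      string
	Command string
}

// Registry maps action IDs to bindings. Lookup returns nil for unknown or
// removed IDs, which is exactly the state the hardened handler must tolerate.
type Registry struct {
	mu       sync.RWMutex
	bindings map[string]*ActionBinding
}

func NewRegistry() *Registry {
	return &Registry{bindings: map[string]*ActionBinding{}}
}

func (r *Registry) Add(b *ActionBinding) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.bindings[b.ID] = b
}

func (r *Registry) Remove(id string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	delete(r.bindings, id)
}

func (r *Registry) Lookup(id string) *ActionBinding {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.bindings[id] // nil when the ID is absent
}

// ErrUnknownAction is what the hardened path returns instead of panicking.
var ErrUnknownAction = errors.New("unknown action")

// ExecuteUnchecked reproduces the vulnerable pattern: it trusts that Lookup
// returned a binding and dereferences it unconditionally.
func ExecuteUnchecked(r *Registry, id string) string {
	b := r.Lookup(id)
	return b.Command // nil pointer dereference when id is unknown
}

// ExecuteChecked is the hardened form: a nil binding is a client error,
// not a server crash.
func ExecuteChecked(r *Registry, id string) (string, error) {
	b := r.Lookup(id)
	if b == nil {
		return "", fmt.Errorf("%w: %q", ErrUnknownAction, id)
	}
	return b.Command, nil
}

// Handler exposes ExecuteChecked over HTTP (hypothetical /execute?actionId=...)
// and maps the nil-binding case to 404 so the process keeps serving.
func Handler(r *Registry) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		cmd, err := ExecuteChecked(r, req.URL.Query().Get("actionId"))
		if errors.Is(err, ErrUnknownAction) {
			http.Error(w, "action not found", http.StatusNotFound)
			return
		}
		fmt.Fprint(w, cmd)
	})
}

// Panics reports whether fn panics, so the crash can be demonstrated
// without taking the demo process down.
func Panics(fn func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	reg := NewRegistry()
	reg.Add(&ActionBinding{ID: "backup", Command: "/usr/local/bin/backup.sh"})

	// Constructed sequence: the action exists, is removed, then is executed.
	reg.Remove("backup")
	fmt.Println("unchecked handler panics:", Panics(func() { ExecuteUnchecked(reg, "backup") }))

	rec := httptest.NewRecorder()
	Handler(reg).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/execute?actionId=backup", nil))
	fmt.Println("checked handler status:", rec.Code)
}
```

The point of the checked path is that the nil case is decided once, at the lookup boundary, and turned into a typed error the HTTP layer can translate; a blanket `recover()` middleware would keep the process alive but would still leave the handler's state machine undefined after the bad sequence, so the explicit check is the fix, not a substitute for it.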
Mitigation Strategies
- Restrict network access to the OliveTin interface using firewalls or VPNs.
- Implement a reverse proxy with authentication in front of OliveTin.
- Configure WAF rules to validate 'actionId' parameters against an allowlist. This only helps where the panic is reached through an unknown action ID; it does not address an invalid state produced by a sequence of otherwise valid requests, so treat it as a stopgap until the upgrade is applied.
Remediation Steps:
- Stop the running OliveTin service.
- Download the latest release (version 3000.11.1 or higher) from the official repository.
- Replace the existing binary/container.
- Restart the service.
- Verify the fix in a non-production instance by replaying the triggering request sequence, including a request with an invalid action ID, and confirming that the process stays up and returns an error response instead of crashing.
References
Read the full report for GHSA-FWHJ-785H-43HH on our website for more details including interactive diagrams and full exploit analysis.