Trail of Bits

NATS Server

Type: Security review
Client:
Date: 2025-02
Domain: AppSec
Effort: 6 wks
Section: Technology Product Reviews

Trail of Bits's security review of NATS Server (Feb 2025) identified 10 issues: 3 medium, 1 low, and 6 informational.

Findings · 10

  1. Ignored error values during file store operations (Informational)
  2. User and NKeyUser clone() methods can fail to deep copy an empty allowed connection types list (Informational)
  3. Non-constant time comparison of plaintext passwords (Medium)
  4. Risk of denial of service when restoring Streams (Medium)
  5. Inconsistent behavior around \r character in parser (Informational)
  6. Use of unpinned third-party workflow (Medium)
  7. Use of non-TLS download in Travis CI configuration file (Informational)
  8. Missing mutex unlocks before return statements (Informational)
  9. Windows DLL loading susceptible to DLL hijacking attacks (Informational)
  10. HTTP servers are vulnerable to Slowloris denial-of-service attacks (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.