CNNVD-202509-2673 Information

CNNVD ID

CNNVD-202509-2673

Related CVE

CVE-2025-59351

• CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架，可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在代码问题漏洞，该漏洞源于函数返回错误时仍解引用第一个返回值，可能导致空指针取消引用。

Description (English)

Dragonfly is an open-source framework for DragonflyDB that can dynamically process any type of content. There is a code problem loophole in the pre-Dragonfly 2.1.0 version, which arises from the fact that the first return value is unlocked when the function returns an error, which may lead to an empty pointer cancelling the reference.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-4mhv-8rh3-4ghw

Patch

https://d7y.io/