OSV-SCALIBR Filesystem Traversal Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in OSV-SCALIBR due to a bug in the filesystem traversal fallback path. When the ReadDir function returns nil for an empty directory, the diriterate.Next() method indexes past the end of an empty slice, triggering an index-out-of-range panic that crashes the application. The issue arises when a custom filesystem implementation does not support the fs.ReadDirFile interface: the traversal then takes the fallback path, which wrongly treats a nil result from ReadDir as though the directory contains files.
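As an added illustration, not OSV-SCALIBR's own code, the following Go program mimics the fallback pattern the advisory describes: a custom fs.FS whose directory handle does not implement fs.ReadDirFile, a ReadDir that returns a nil slice (with a nil error) for an empty directory, and two versions of an iterator's Next method. The vulnerable version takes a nil error to mean that at least one entry exists and indexes the slice unchecked; the fixed version bounds-checks first and reports io.EOF. All identifiers here (customFS, dirHandle, dirIterator, NextVulnerable, NextFixed, Walk, SampleFS) are constructed for this example and do not correspond to names in the project.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

// dirHandle is an opened directory that deliberately lacks fs.ReadDirFile,
// so a traversal has to take the fs.ReadDir fallback path.
type dirHandle struct{}
func (*dirHandle) Stat() (fs.FileInfo, error) { return nil, errors.New("not supported") }
func (*dirHandle) Read([]byte) (int, error)   { return 0, errors.New("is a directory") }
func (*dirHandle) Close() error                { return nil }

// customFS maps directory names to entries. The empty directory is stored as
// a nil slice, which is exactly what ReadDir hands back for it: (nil, nil).
type customFS map[string][]fs.DirEntry

func (c customFS) Open(name string) (fs.File, error) {
	if _, ok := c[name]; !ok {
		return nil, fs.ErrNotExist
	}
	return &dirHandle{}, nil
}

func (c customFS) ReadDir(name string) ([]fs.DirEntry, error) {
	if entries, ok := c[name]; ok {
		return entries, nil
	}
	return nil, fs.ErrNotExist
}

// dirIterator yields a directory's entries one at a time.
type dirIterator struct {
	entries []fs.DirEntry
	pos     int
}

func newDirIterator(fsys fs.FS, path string) (*dirIterator, error) {
	entries, err := fs.ReadDir(fsys, path) // fallback path: (nil, nil) for an empty dir
	if err != nil {
		return nil, err
	}
	return &dirIterator{entries: entries}, nil
}

// NextVulnerable reproduces the bug class: a nil error from ReadDir is taken
// to mean "at least one entry", so entries[0] is read without a bounds check.
func (it *dirIterator) NextVulnerable() (fs.DirEntry, error) {
	if it.pos == 0 {
		it.pos = 1
		return it.entries[0], nil // panics: index out of range [0] with length 0
	}
	return it.NextFixed()
}

// NextFixed always bounds-checks before indexing; an empty directory yields io.EOF.
func (it *dirIterator) NextFixed() (fs.DirEntry, error) {
	if it.pos >= len(it.entries) {
		return nil, io.EOF
	}
	e := it.entries[it.pos]
	it.pos++
	return e, nil
}

// Walk lists path with the given Next method, converting a panic into an
// error so the crash can be observed without taking the process down.
func Walk(fsys fs.FS, path string, next func(*dirIterator) (fs.DirEntry, error)) (names []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	it, err := newDirIterator(fsys, path)
	if err != nil {
		return nil, err
	}
	for {
		e, nerr := next(it)
		if errors.Is(nerr, io.EOF) {
			return names, nil
		}
		if nerr != nil {
			return names, nerr
		}
		names = append(names, e.Name())
	}
}

// Constructed sample input: an empty directory plus one holding a.txt, whose
// entry is borrowed from an fstest.MapFS so it is a genuine fs.DirEntry.
var oneEntry, _ = fs.ReadDir(fstest.MapFS{"a.txt": &fstest.MapFile{}}, ".")
var SampleFS = customFS{"empty": nil, "one": oneEntry}

func main() {
	_, verr := Walk(SampleFS, "empty", (*dirIterator).NextVulnerable)
	names, ferr := Walk(SampleFS, "empty", (*dirIterator).NextFixed)
	fmt.Println("vulnerable:", verr, "| fixed:", names, ferr)
}
```

Running it shows the vulnerable iterator reporting a recovered "index out of range [0] with length 0" panic for the empty directory while the fixed iterator returns an empty listing; on the non-empty directory both behave identically, which is the property a regression test for this class of bug should pin down. Note that a nil slice and an empty non-nil slice both have length zero, so checking len() rather than comparing against nil is what makes the fix robust across filesystem implementations.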

Impact

Triggering this vulnerability causes an index-out-of-range panic, crashing the application and denying service to whatever depends on the scan.

Remediation

Users can update to OSV-SCALIBR version 0.4.0, which includes the necessary fix. Instructions for updating can be found in the OSV-SCALIBR repository on GitHub.

Added: Nov 20, 2025, 4:27 PM
Updated: Nov 20, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.