Is there an existing issue for this?
Current Behavior
Discovered over at bbot when our automatic nuclei version update test pipeline failed.
Looks like it affects 3.4.8 and 3.4.9.
Expected Behavior
no segmentation fault
Steps To Reproduce
nuclei -u https://example.com --automatic-scan
Relevant log output
./nuclei -u https://example.com --automatic-scan
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.4.9
projectdiscovery.io
[WRN] Found 2 templates with runtime error (use -validate flag for further examination)
[INF] Current nuclei version: v3.4.9 (latest)
[INF] Current nuclei-templates version: v10.2.7 (latest)
[INF] New templates added in latest release: 52
[INF] Templates loaded for current scan: 7661
[INF] Executing 7280 signed templates from projectdiscovery/nuclei-templates
[WRN] Loading 381 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Automatic scan tech-detect: Templates clustered: 432 (Reduced 409 Requests)
[INF] Executing Automatic scan on 1 target[s]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x20c0ce6]
goroutine 25911 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).ExecuteWithResults(0xde1745?, 0xc011375540)
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:287 +0x126
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates.func1(0xc012ff9348)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:304 +0x1aa
created by github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates in goroutine 16813
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:260 +0x106Environment
- OS: ubuntu 24 LTS
- Nuclei: 3.4.8 / 3.4.9
Anything else?
No response
Is there an existing issue for this?
Current Behavior
Discovered over at bbot when our automatic nuclei version update test pipeline failed.
Looks like it affects 3.4.8 and 3.4.9.
Expected Behavior
no segmentation fault
Steps To Reproduce
nuclei -u https://example.com --automatic-scan
Relevant log output
./nuclei -u https://example.com --automatic-scan __ _ ____ __ _______/ /__ (_) / __ \/ / / / ___/ / _ \/ / / / / / /_/ / /__/ / __/ / /_/ /_/\__,_/\___/_/\___/_/ v3.4.9 projectdiscovery.io [WRN] Found 2 templates with runtime error (use -validate flag for further examination) [INF] Current nuclei version: v3.4.9 (latest) [INF] Current nuclei-templates version: v10.2.7 (latest) [INF] New templates added in latest release: 52 [INF] Templates loaded for current scan: 7661 [INF] Executing 7280 signed templates from projectdiscovery/nuclei-templates [WRN] Loading 381 unsigned templates for scan. Use with caution. [INF] Targets loaded for current scan: 1 [INF] Automatic scan tech-detect: Templates clustered: 432 (Reduced 409 Requests) [INF] Executing Automatic scan on 1 target[s] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x20c0ce6] goroutine 25911 [running]: github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).ExecuteWithResults(0xde1745?, 0xc011375540) github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:287 +0x126 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates.func1(0xc012ff9348) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:304 +0x1aa created by github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates in goroutine 16813 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:260 +0x106Environment
Anything else?
No response