Is there an existing issue for this?
Current Behavior
Nuclei crashes immediately with a fatal Go runtime error when running templates that use Interactsh (OOB out-of-band interaction).
The error is: fatal error: concurrent map iteration and map write
Expected Behavior
Nuclei should run stably without crashing when using Interactsh templates.
Concurrent map access must be thread-safe to avoid panics.
Steps To Reproduce
- Run Nuclei v3.7.1 on Ubuntu 24.04 x86_64
- Execute any template with Interactsh enabled
- Nuclei crashes with the fatal map error
Relevant log output
fatal error: concurrent map iteration and map write
goroutine 30188 [running]:
internal/runtime/maps.fatal({0x3b82f28?, 0x1068aac0b040?})
runtime/panic.go:1181 +0x18
internal/runtime/maps.(*Iter).Next(...)
runtime/panic.go:1181 +0x18
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/replacer.Replace({0x106888b37b40, 0x36}, 0x1068bb5f1560)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/replacer/replacer.go:15 +0x11d
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions.evaluate({0x106888b37b40?, 0x0?}, 0x1068bb5f1560)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions/expressions.go:47 +0x32
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions.Evaluate(...)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions/expressions.go:31
github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers.(*Matcher).MatchWords(0x1068878e8580, {0x1068c7348000?, 0x3a978e1?}, 0xb?)
github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers/match.go:68 +0x12e
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).Match(0x1068aac0b818?, 0x1068bb5f1560, 0x1068878e8580)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/operators.go:38 +0x50c
github.com/projectdiscovery/nuclei/v3/pkg/operators.(*Operators).Execute(0x106887501600, 0x1068bb5f1560, 0x1068a32d92a0, 0x1068a32d92b0, 0x0)
github.com/projectdiscovery/nuclei/v3/pkg/operators/operators.go:303 +0xc69
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh.(*Client).processInteractionForRequest(0x1068829f1810, 0x1068cd6ee4d0, 0x1068976e8b40)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh/interactsh.go:169 +0x358
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh.(*Client).poll.func1(0x1068cd6ee4d0)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh/interactsh.go:127 +0x373
github.com/projectdiscovery/interactsh/pkg/client.(*Client).getInteractions(0x10689de5a5a0, 0x10689ccf79d0)
github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:467 +0xec6
github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling.func1()
github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:389 +0x125
created by github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling in goroutine 27633
github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:381 +0x1a5Environment
- Nuclei: v3.7.1 (latest version)
- go:
- OS: Ubuntu 24.04
Anything else?
No response
Is there an existing issue for this?
Current Behavior
Nuclei crashes immediately with a fatal Go runtime error when running templates that use Interactsh (OOB out-of-band interaction).
The error is: fatal error: concurrent map iteration and map write
Expected Behavior
Nuclei should run stably without crashing when using Interactsh templates.
Concurrent map access must be thread-safe to avoid panics.
Steps To Reproduce
Relevant log output
fatal error: concurrent map iteration and map write goroutine 30188 [running]: internal/runtime/maps.fatal({0x3b82f28?, 0x1068aac0b040?}) runtime/panic.go:1181 +0x18 internal/runtime/maps.(*Iter).Next(...) runtime/panic.go:1181 +0x18 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/replacer.Replace({0x106888b37b40, 0x36}, 0x1068bb5f1560) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/replacer/replacer.go:15 +0x11d github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions.evaluate({0x106888b37b40?, 0x0?}, 0x1068bb5f1560) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions/expressions.go:47 +0x32 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions.Evaluate(...) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions/expressions.go:31 github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers.(*Matcher).MatchWords(0x1068878e8580, {0x1068c7348000?, 0x3a978e1?}, 0xb?) github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers/match.go:68 +0x12e github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).Match(0x1068aac0b818?, 0x1068bb5f1560, 0x1068878e8580) github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/operators.go:38 +0x50c github.com/projectdiscovery/nuclei/v3/pkg/operators.(*Operators).Execute(0x106887501600, 0x1068bb5f1560, 0x1068a32d92a0, 0x1068a32d92b0, 0x0) github.com/projectdiscovery/nuclei/v3/pkg/operators/operators.go:303 +0xc69 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh.(*Client).processInteractionForRequest(0x1068829f1810, 0x1068cd6ee4d0, 0x1068976e8b40) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh/interactsh.go:169 +0x358 github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh.(*Client).poll.func1(0x1068cd6ee4d0) github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh/interactsh.go:127 +0x373 github.com/projectdiscovery/interactsh/pkg/client.(*Client).getInteractions(0x10689de5a5a0, 0x10689ccf79d0) github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:467 +0xec6 github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling.func1() github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:389 +0x125 created by github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling in goroutine 27633 github.com/projectdiscovery/interactsh@v1.3.0/pkg/client/client.go:381 +0x1a5Environment
Anything else?
No response