CWE-170
AllowedImproper Null Termination
Abstraction: Base · Status: Incomplete
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
77 vulnerabilities reference this CWE, most recent first.
CVE-2026-23749 (GCVE-0-2026-23749)
Vulnerability from cvelistv5 – Published: 2026-02-26 17:32 – Updated: 2026-07-14 15:53- CWE-170 - Improper Null Termination
| URL | Tags |
|---|---|
| https://secmate.dev/disclosures/SECMATE-2025-0017 | technical-description |
| https://blog.secmate.dev/posts/golioth-vulnerabil… | technical-descriptionexploit |
| https://github.com/golioth/golioth-firmware-sdk/r… | release-notes |
| https://github.com/golioth/golioth-firmware-sdk/c… | patch |
| https://www.vulncheck.com/advisories/golioth-firm… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Golioth | Firmware SDK |
Affected:
0.19.1 , < 0.22.0
(semver)
Unaffected: 0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T17:55:58.632725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T17:56:08.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/golioth/golioth-firmware-sdk",
"product": "Firmware SDK",
"repo": "https://github.com/golioth/golioth-firmware-sdk",
"vendor": "Golioth",
"versions": [
{
"lessThan": "0.22.0",
"status": "affected",
"version": "0.19.1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SecMate (https://secmate.dev)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Golioth Firmware SDK version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0.19.1\u003c/span\u003e\u0026nbsp;prior to 0.22.0, fixed in commit\u0026nbsp;0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx-\u0026gt;path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default)."
}
],
"value": "Golioth Firmware SDK version\u00a00.19.1\u00a0prior to 0.22.0, fixed in commit\u00a00e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx-\u003epath unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:53:37.722Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://secmate.dev/disclosures/SECMATE-2025-0017"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/golioth-firmware-sdk-blockwise-transfer-path-out-of-bounds-read"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Golioth Firmware SDK \u003c 0.22.0 Blockwise Transfer Path Out-of-Bounds Read",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23749",
"datePublished": "2026-02-26T17:32:30.795Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-07-14T15:53:37.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21488 (GCVE-0-2026-21488)
Vulnerability from cvelistv5 – Published: 2026-01-06 13:52 – Updated: 2026-01-06 14:22| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:22:20.962464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:22:27.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T13:52:21.380Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4j2g-rvv4-86vg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4j2g-rvv4-86vg"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/commit/9daaccceb231c43db8cab312ee5bbe9d2aa6b153",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/9daaccceb231c43db8cab312ee5bbe9d2aa6b153"
}
],
"source": {
"advisory": "GHSA-4j2g-rvv4-86vg",
"discovery": "UNKNOWN"
},
"title": "iccDEV has Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21488",
"datePublished": "2026-01-06T13:52:21.380Z",
"dateReserved": "2025-12-29T14:34:16.006Z",
"dateUpdated": "2026-01-06T14:22:27.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12386 (GCVE-0-2026-12386)
Vulnerability from cvelistv5 – Published: 2026-07-05 14:31 – Updated: 2026-07-06 13:25- CWE-170 - Improper null termination
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Pen |
Affected:
<=4.1.5 , < 4.2.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T13:25:21.649209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T13:25:28.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Pen",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "\u003c=4.1.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammed KAYA"
}
],
"datePublic": "2026-07-05T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\u003cp\u003eThis issue affects Pardus Pen: from \u0026lt;=4.1.5 before 4.2.1.\u003c/p\u003e"
}
],
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\n\nThis issue affects Pardus Pen: from \u003c=4.1.5 before 4.2.1."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170 Improper null termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:31:47.467Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0499"
}
],
"source": {
"advisory": "TR-26-0499",
"defect": [
"TR-26-0499"
],
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in TUBITAK BILGEM\u0027s Pardus Pen",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-12386",
"datePublished": "2026-07-05T14:31:47.467Z",
"dateReserved": "2026-06-16T11:12:47.226Z",
"dateUpdated": "2026-07-06T13:25:28.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8721 (GCVE-0-2026-8721)
Vulnerability from cvelistv5 – Published: 2026-05-17 18:51 – Updated: 2026-05-18 12:56- CWE-170 - Improper Null Termination
| Vendor | Product | Version | |
|---|---|---|---|
| JONASBN | Crypt::OpenSSL::PKCS12 |
Affected:
0 , ≤ 1.94
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-17T21:18:34.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/17/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:56:25.907387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:56:41.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-OpenSSL-PKCS12",
"product": "Crypt::OpenSSL::PKCS12",
"programFiles": [
"PKCS12.xs"
],
"programRoutines": [
{
"name": "Crypt::OpenSSL::PKCS12::mac_ok"
},
{
"name": "Crypt::OpenSSL::PKCS12::changepass"
},
{
"name": "Crypt::OpenSSL::PKCS12::create"
},
{
"name": "Crypt::OpenSSL::PKCS12::create_as_string"
},
{
"name": "Crypt::OpenSSL::PKCS12::certificate"
},
{
"name": "Crypt::OpenSSL::PKCS12::ca_certificate"
},
{
"name": "Crypt::OpenSSL::PKCS12::private_key"
},
{
"name": "Crypt::OpenSSL::PKCS12::info_as_hash"
},
{
"name": "Crypt::OpenSSL::PKCS12::info"
}
],
"repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
"vendor": "JONASBN",
"versions": [
{
"lessThanOrEqual": "1.94",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.\n\nPassword parameters in PKCS12.xs are declared char *, which routes through Perl\u0027s default typemap to SvPV_nolen. The Perl length is discarded.\n\nThe C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170 Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-17T18:51:41.420Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 1.95 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "CPANSec identified issue"
},
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Author was notified"
},
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Maintainer released patch version"
}
],
"title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8721",
"datePublished": "2026-05-17T18:51:41.420Z",
"dateReserved": "2026-05-16T01:07:36.063Z",
"dateUpdated": "2026-05-18T12:56:41.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5067 (GCVE-0-2026-5067)
Vulnerability from cvelistv5 – Published: 2026-06-09 06:01 – Updated: 2026-06-09 13:12| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject-rtos | Zephyr |
Affected:
3.7.0 , ≤ 4.3.0
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:11:48.752906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:12:08.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Zephyr",
"product": "Zephyr",
"repo": "https://github.com/zephyrproject-rtos/zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "3.7.0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key"
}
],
"value": "A remote, unauthenticated attacker can trigger memory corruption in Zephyr\u0027s HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T06:01:02.559Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key",
"x_generator": {
"engine": "swg-tools/create-cve-info"
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2026-5067",
"datePublished": "2026-06-09T06:01:02.559Z",
"dateReserved": "2026-03-27T22:30:27.757Z",
"dateUpdated": "2026-06-09T13:12:08.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2239 (GCVE-0-2026-2239)
Vulnerability from cvelistv5 – Published: 2026-03-26 20:00 – Updated: 2026-04-03 20:25- CWE-170 - Improper Null Termination
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-2239 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2437675 | issue-trackingx_refsource_REDHAT |
| https://gitlab.gnome.org/GNOME/gimp/-/issues/15812 |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T11:29:11.654804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:29:20.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "gimp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gimp:2.8/gimp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "gimp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-09T07:07:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:25:04.014Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2239"
},
{
"name": "RHBZ#2437675",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437675"
},
{
"url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15812"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-09T09:04:28.726Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-09T07:07:00.000Z",
"value": "Made public."
}
],
"title": "Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-170: Improper Null Termination"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-2239",
"datePublished": "2026-03-26T20:00:28.595Z",
"dateReserved": "2026-02-09T09:07:05.426Z",
"dateUpdated": "2026-04-03T20:25:04.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66220 (GCVE-0-2025-66220)
Vulnerability from cvelistv5 – Published: 2025-12-03 18:31 – Updated: 2025-12-03 19:10- CWE-170 - Improper Null Termination
| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
>= 1.36.0, <= 1.36.2
Affected: >= 1.35.0, <= 1.35.6 Affected: >= 1.34.0, <= 1.34.10 Affected: <= 1.33.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66220",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T19:10:43.590627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:10:53.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.36.0, \u003c= 1.36.2"
},
{
"status": "affected",
"version": "\u003e= 1.35.0, \u003c= 1.35.6"
},
{
"status": "affected",
"version": "\u003e= 1.34.0, \u003c= 1.34.10"
},
{
"status": "affected",
"version": "\u003c= 1.33.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy\u2019s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\\0) inside an OTHERNAME SAN value as valid matches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T18:31:50.389Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p"
}
],
"source": {
"advisory": "GHSA-rwjg-c3h2-f57p",
"discovery": "UNKNOWN"
},
"title": "Envoy\u2019s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66220",
"datePublished": "2025-12-03T18:31:50.389Z",
"dateReserved": "2025-11-24T23:01:29.679Z",
"dateUpdated": "2025-12-03T19:10:53.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62792 (GCVE-0-2025-62792)
Vulnerability from cvelistv5 – Published: 2025-10-29 16:50 – Updated: 2025-10-29 18:10| URL | Tags |
|---|---|
| https://github.com/wazuh/wazuh/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62792",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T18:10:06.172333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T18:10:35.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wazuh",
"vendor": "wazuh",
"versions": [
{
"status": "affected",
"version": "\u003c 4.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T16:50:05.994Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-2672-vfhm-xhr6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-2672-vfhm-xhr6"
}
],
"source": {
"advisory": "GHSA-2672-vfhm-xhr6",
"discovery": "UNKNOWN"
},
"title": "Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62792",
"datePublished": "2025-10-29T16:50:05.994Z",
"dateReserved": "2025-10-22T18:55:48.011Z",
"dateUpdated": "2025-10-29T18:10:35.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61912 (GCVE-0-2025-61912)
Vulnerability from cvelistv5 – Published: 2025-10-10 22:04 – Updated: 2025-10-14 14:58| URL | Tags |
|---|---|
| https://github.com/python-ldap/python-ldap/securi… | x_refsource_CONFIRM |
| https://github.com/python-ldap/python-ldap/commit… | x_refsource_MISC |
| https://github.com/python-ldap/python-ldap/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-ldap | python-ldap |
Affected:
< 3.4.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61912",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:57:58.750366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:58:06.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-ldap",
"vendor": "python-ldap",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \\x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \\00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T22:04:25.028Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6"
},
{
"name": "https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f"
},
{
"name": "https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5"
}
],
"source": {
"advisory": "GHSA-p34h-wq7j-h5v6",
"discovery": "UNKNOWN"
},
"title": "python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61912",
"datePublished": "2025-10-10T22:04:25.028Z",
"dateReserved": "2025-10-03T22:21:59.614Z",
"dateUpdated": "2025-10-14T14:58:06.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2026 (GCVE-0-2025-2026)
Vulnerability from cvelistv5 – Published: 2025-12-31 07:32 – Updated: 2025-12-31 16:07- CWE-170 - Improper Null Termination
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 6100-G2/6200-G2 Series |
Affected:
1.0.0
(custom)
Unaffected: 1.1.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-31T16:07:24.186121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T16:07:29.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 6100-G2/6200-G2 Series",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cory YH Tseng"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device\u2019s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003eAn authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service.\u003c/p\u003e"
}
],
"value": "The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device\u2019s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition.\n\nAn authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153: Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T07:32:26.427Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-251731-cve-2025-1977-cve-2025-2026-multiple-vulnerabilities-in-nport-6100-g2-6200-g2-series"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNPort 6100-G2/6200-G2 Series\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eUpdate to firmware\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev1.1.0 or later\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "NPort 6100-G2/6200-G2 Series\n * Update to firmware\u00a0v1.1.0 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2025-2026",
"datePublished": "2025-12-31T07:32:26.427Z",
"dateReserved": "2025-03-06T02:21:13.887Z",
"dateUpdated": "2025-12-31T16:07:29.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible.
Mitigation
Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings.
Mitigation
If performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution.
Mitigation
Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect.
Mitigation
Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer).
No CAPEC attack patterns related to this CWE.