CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
CVE-2026-31973 (GCVE-0-2026-31973)
Vulnerability from cvelistv5 – Published: 2026-03-18 20:34 – Updated: 2026-03-19 16:14- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/samtools/samtools/security/adv… | x_refsource_CONFIRM |
| https://github.com/samtools/samtools/commit/06fc2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2026/0… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-18T23:08:20.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/18/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T16:14:49.923184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T16:14:59.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "samtools",
"vendor": "samtools",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.17, \u003c 1.21.1"
},
{
"status": "affected",
"version": "\u003e= 1.22, \u003c 1.22.2"
},
{
"status": "affected",
"version": "= 1.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_compression_header()` was missing. If the function returned an error, this could lead to a NULL pointer dereference. Exploiting this bug causes a NULL pointer dereference. Typically this will cause the program to crash. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:34:00.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43"
},
{
"name": "https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f"
}
],
"source": {
"advisory": "GHSA-x86f-q6fj-cm43",
"discovery": "UNKNOWN"
},
"title": "NULL pointer dereference in samtools cram-size"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31973",
"datePublished": "2026-03-18T20:34:00.846Z",
"dateReserved": "2026-03-10T15:40:10.486Z",
"dateUpdated": "2026-03-19T16:14:59.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31964 (GCVE-0-2026-31964)
Vulnerability from cvelistv5 – Published: 2026-03-18 18:27 – Updated: 2026-03-18 18:46- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/samtools/htslib/security/advis… | x_refsource_CONFIRM |
| https://github.com/samtools/htslib/commit/e64e68d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T18:46:07.706478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T18:46:29.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "htslib",
"vendor": "samtools",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.1"
},
{
"status": "affected",
"version": "\u003e= 1.22, \u003c 1.22.2"
},
{
"status": "affected",
"version": "= 1.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to some quirks of the CRAM format, it is necessary to handle these records carefully as they will actually store data that needs to be consumed and then discarded. Unfortunately the `CONST`, `XPACK` and `XRLE` encodings did not properly implement the interface needed to do this. Trying to decode records with omitted sequence or quality data using these encodings would result in an attempt to write to a NULL pointer. Exploiting this bug causes a NULL pointer dereference. Typically this will cause the program to crash. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T18:27:26.099Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/samtools/htslib/security/advisories/GHSA-5w97-85gf-86rm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/samtools/htslib/security/advisories/GHSA-5w97-85gf-86rm"
},
{
"name": "https://github.com/samtools/htslib/commit/e64e68da567d2309509d059ace016d5d7fc7514f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/samtools/htslib/commit/e64e68da567d2309509d059ace016d5d7fc7514f"
}
],
"source": {
"advisory": "GHSA-5w97-85gf-86rm",
"discovery": "UNKNOWN"
},
"title": "HTSlib CRAM decoder has a NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31964",
"datePublished": "2026-03-18T18:27:26.099Z",
"dateReserved": "2026-03-10T15:40:10.484Z",
"dateUpdated": "2026-03-18T18:46:29.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31931 (GCVE-0-2026-31931)
Vulnerability from cvelistv5 – Published: 2026-04-02 14:01 – Updated: 2026-04-02 14:18- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisor… | x_refsource_CONFIRM |
| https://redmine.openinfosecfoundation.org/issues/8294 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:18:13.377669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:18:27.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the \"tls.alpn\" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:01:03.512Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/8294",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/8294"
}
],
"source": {
"advisory": "GHSA-gr22-4784-xvw3",
"discovery": "UNKNOWN"
},
"title": "Suricata tls: null dereference in tls.alpn rule keyword"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31931",
"datePublished": "2026-04-02T14:01:03.512Z",
"dateReserved": "2026-03-10T15:10:10.653Z",
"dateUpdated": "2026-04-02T14:18:27.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31792 (GCVE-0-2026-31792)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:00 – Updated: 2026-03-10 19:32- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:23:52.951761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:32:26.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:00:29.364Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j3mh-rjg5-8gw7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j3mh-rjg5-8gw7"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/633",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/633"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/639",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/639"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5"
}
],
"source": {
"advisory": "GHSA-j3mh-rjg5-8gw7",
"discovery": "UNKNOWN"
},
"title": "iccDEV has a null pointer dereference in CIccTagXmlStruct::ParseTag()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31792",
"datePublished": "2026-03-10T18:00:29.364Z",
"dateReserved": "2026-03-09T16:33:42.912Z",
"dateUpdated": "2026-03-10T19:32:26.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30986 (GCVE-0-2026-30986)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:56 – Updated: 2026-03-10 19:32| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:23:26.825515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:32:27.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:56:44.676Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w3g9-rmvh-49gh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w3g9-rmvh-49gh"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/620",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/620"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/637",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/637"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5"
}
],
"source": {
"advisory": "GHSA-w3g9-rmvh-49gh",
"discovery": "UNKNOWN"
},
"title": "iccDEV has a heap-based buffer overflow write in CIccCLUT::Interp3d()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30986",
"datePublished": "2026-03-10T17:56:44.676Z",
"dateReserved": "2026-03-07T17:53:48.818Z",
"dateUpdated": "2026-03-10T19:32:27.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29785 (GCVE-0-2026-29785)
Vulnerability from cvelistv5 – Published: 2026-03-25 19:38 – Updated: 2026-07-15 01:10| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| https://github.com/nats-io/nats-server/commit/a14… | x_refsource_MISC |
| https://advisories.nats.io/CVE/secnote-2026-04.txt | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-29785 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2451444 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:22347 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21769 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23345 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.11.14
Affected: >= 2.12.0-RC.1, < 2.12.5 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
Unaffected:
1779579439 , < *
(rpm)
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
Unaffected:
1778867753 , < *
(rpm)
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
Unaffected:
1780167118 , < *
(rpm)
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T01:33:48.548539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T01:34:06.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779579439",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778867753",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1780167118",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/oc-mirror-plugin-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-25T19:38:44.587Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:10:17.048Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"name": "RHBZ#2451444",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29785.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T20:01:35.121Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-25T19:38:44.587Z",
"value": "Made public."
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.14"
},
{
"status": "affected",
"version": "\u003e= 2.12.0-RC.1, \u003c 2.12.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the \"leafnode\" configuration enabled (not default), then anyone who can connect can crash the nats-server by triggering a panic. This happens pre-authentication and requires that compression be enabled (which it is, by default, when leafnodes are used). Versions 2.11.14 and 2.12.5 contain a fix. As a workaround, disable compression on the leafnode port."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:40:51.282Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
},
{
"name": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"name": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"tags": [
"x_refsource_MISC"
],
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
}
],
"source": {
"advisory": "GHSA-52jh-2xxh-pwh6",
"discovery": "UNKNOWN"
},
"title": "NATS Server panic via malicious compression on leafnode port"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29785",
"datePublished": "2026-03-25T19:38:44.587Z",
"dateReserved": "2026-03-04T16:26:02.899Z",
"dateUpdated": "2026-07-15T01:10:17.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29781 (GCVE-0-2026-29781)
Vulnerability from cvelistv5 – Published: 2026-03-07 15:25 – Updated: 2026-03-09 18:26- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/BishopFox/sliver/security/advi… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:52:33.760045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:26:52.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sliver",
"vendor": "BishopFox",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server\u0027s Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure \"kill-switch,\" instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T15:25:23.698Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hx52-cv84-jr5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hx52-cv84-jr5v"
}
],
"source": {
"advisory": "GHSA-hx52-cv84-jr5v",
"discovery": "UNKNOWN"
},
"title": "Sliver: Authenticated Nil-Pointer Dereference in Handlers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29781",
"datePublished": "2026-03-07T15:25:23.698Z",
"dateReserved": "2026-03-04T16:26:02.898Z",
"dateUpdated": "2026-03-09T18:26:52.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29169 (GCVE-0-2026-29169)
Vulnerability from cvelistv5 – Published: 2026-05-04 14:48 – Updated: 2026-05-05 20:23- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
0 , ≤ 2.4.66
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-29169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T15:52:40.756863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T15:53:03.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-05T20:23:49.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/20"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/05/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.66",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pavel Kohout, Aisle Research, Aisle.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\u003cbr\u003e\u003cbr\u003eThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.\u003cbr\u003e"
}
],
"value": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\n\nThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T14:48:29.832Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-03-04T11:46:00.000Z",
"value": "Report received"
},
{
"lang": "eng",
"time": "2026-05-04T12:00:00.000Z",
"value": "2.4.67 released"
},
{
"lang": "en",
"time": "2026-05-04T12:00:00.000Z",
"value": "fixed in 2.4.x by r1933354"
}
],
"title": "Apache HTTP Server: mod_dav_lock indirect lock crash",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-29169",
"datePublished": "2026-05-04T14:48:29.832Z",
"dateReserved": "2026-03-04T11:50:32.014Z",
"dateUpdated": "2026-05-05T20:23:49.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28522 (GCVE-0-2026-28522)
Vulnerability from cvelistv5 – Published: 2026-03-15 13:36 – Updated: 2026-05-26 11:52- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://src.tuya.com/announcement/32 | vendor-advisory |
| https://github.com/tuya/arduino-TuyaOpen | product |
| https://www.vulncheck.com/advisories/arduino-tuya… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Tuya | arduino-TuyaOpen |
Affected:
0 , < 1.2.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:12:51.483461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:20:18.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-TuyaOpen",
"vendor": "Tuya",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maxime ROSSI BELLOM"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets that trigger a null pointer dereference, resulting in a denial-of-service condition."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:52:08.514Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Tuya SRC Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://src.tuya.com/announcement/32"
},
{
"name": "arduino-TuyaOpen GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/tuya/arduino-TuyaOpen"
},
{
"name": "VulnCheck Advisory: arduino-TuyaOpen WiFiUDP Null Pointer Dereference Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/arduino-tuyaopen-wifiudp-null-pointer-dereference-denial-of-service"
}
],
"title": "arduino-TuyaOpen WiFiUDP Null Pointer Dereference Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28522",
"datePublished": "2026-03-15T13:36:52.798Z",
"dateReserved": "2026-02-27T21:07:55.467Z",
"dateUpdated": "2026-05-26T11:52:08.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28390 (GCVE-0-2026-28390)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.2
(semver)
Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:24:15.925981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:26:06.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:02.294Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Chanho Kim"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyTransportRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\u003cbr\u003eRSA-OAEP encryption is processed, the optional parameters field of\u003cbr\u003eRSA-OAEP SourceFunc algorithm identifier is examined without checking\u003cbr\u003efor its presence. This results in a NULL pointer dereference if the field\u003cbr\u003eis missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:22.729Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28390",
"datePublished": "2026-04-07T22:00:54.172Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.