CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-4G6F-5R4H-C449
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
tipc: fix NULL deref in cleanup_bearer()
syzbot found [1] that after blamed commit, ub->ubsock->sk was NULL when attempting the atomic_dec() :
atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count);
Fix this by caching the tipc_net pointer.
[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events cleanup_bearer RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline] RIP: 0010:sock_net include/net/sock.h:655 [inline] RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820 Code: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206 RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900 RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20 R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980 R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
{
"affected": [],
"aliases": [
"CVE-2024-56661"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL deref in cleanup_bearer()\n\nsyzbot found [1] that after blamed commit, ub-\u003eubsock-\u003esk\nwas NULL when attempting the atomic_dec() :\n\natomic_dec(\u0026tipc_net(sock_net(ub-\u003eubsock-\u003esk))-\u003ewq_count);\n\nFix this by caching the tipc_net pointer.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events cleanup_bearer\n RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]\n RIP: 0010:sock_net include/net/sock.h:655 [inline]\n RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820\nCode: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 \u003c42\u003e 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b\nRSP: 0018:ffffc9000410fb70 EFLAGS: 00010206\nRAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900\nRBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20\nR10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980\nR13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918\nFS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400",
"id": "GHSA-4g6f-5r4h-c449",
"modified": "2025-11-03T21:31:59Z",
"published": "2024-12-27T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56661"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07b569eda6fe6a1e83be5a587abee12d1303f95e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/754ec823ee53422361da7958a8c8bf3275426912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89ecda492d0a37fd00aaffc4151f1f44c26d93ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a771f349c95d3397636861a0a6462d4a7a7ecb25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a852c82eda4991e21610837aaa160965be71f5cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b04d86fff66b15c07505d226431f808c15b1703c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d1d4dfb189a115734bff81c411bc58d9e348db7d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G78-VC7Q-C4J6
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: Add checks for devm_kcalloc
As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference.
{
"affected": [],
"aliases": [
"CVE-2022-50308"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference.",
"id": "GHSA-4g78-vc7q-c4j6",
"modified": "2025-12-04T15:30:30Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50308"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bf5ee979076ceb121ee51c95197d890b1cee7f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4518d7cc38b7d1a7ce5a7878ca601c91e19fe47d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7830e2289eb4b74970b6cd1b6cc68dcd021c2281"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1e4f92dd0c1d3c162d7ca6c1196995565cca96d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f849c116d320e85d1e2c2804c0edb0be3953b62d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G83-M3VP-774R
Vulnerability from github – Published: 2022-05-02 06:09 – Updated: 2022-05-02 06:09The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.
{
"affected": [],
"aliases": [
"CVE-2010-0006"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-01-26T18:30:00Z",
"severity": "HIGH"
},
"details": "The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.",
"id": "GHSA-4g83-m3vp-774r",
"modified": "2022-05-02T06:09:42Z",
"published": "2022-05-02T06:09:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2010-0006"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=555217"
},
{
"type": "WEB",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=300951"
},
{
"type": "WEB",
"url": "http://cert.fi/en/reports/2010/vulnerability341748.html"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-netdev\u0026m=126343325807340\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38168"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38333"
},
{
"type": "WEB",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-0006"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/2"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/61876"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37810"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4G89-MG9X-4CHC
Vulnerability from github – Published: 2025-02-18 18:33 – Updated: 2025-02-19 15:32An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
{
"affected": [],
"aliases": [
"CVE-2024-50609"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T18:15:25Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.",
"id": "GHSA-4g89-mg9x-4chc",
"modified": "2025-02-19T15:32:12Z",
"published": "2025-02-18T18:33:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50609"
},
{
"type": "WEB",
"url": "https://fluentbit.io/announcements"
},
{
"type": "WEB",
"url": "https://github.com/fluent/fluent-bit/releases"
},
{
"type": "WEB",
"url": "https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G95-MJCF-CXRR
Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2022-04-02 00:00A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.
{
"affected": [],
"aliases": [
"CVE-2021-44919"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.",
"id": "GHSA-4g95-mjcf-cxrr",
"modified": "2022-04-02T00:00:51Z",
"published": "2021-12-22T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44919"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1963"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G9F-63RX-5CW4
Vulnerability from github – Published: 2020-09-25 18:28 – Updated: 2024-10-28 20:05Impact
The tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor.
However, the eager runtime traverses all tensors in the output: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/common_runtime/eager/kernel_and_device.cc#L308-L313
Since only one of the tensors is defined, the other one is nullptr, hence we are binding a reference to nullptr. This is undefined behavior and reported as an error if compiling with -fsanitize=null. In this case, this results in a segmentation fault
Patches
We have patched the issue in da8558533d925694483d2c136a9220d6d49d843c and will release a patch release for all affected versions.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15190"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-25T16:14:42Z",
"nvd_published_at": "2020-09-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe [`tf.raw_ops.Switch`](https://www.tensorflow.org/api_docs/python/tf/raw_ops/Switch) operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor.\n\nHowever, the eager runtime traverses all tensors in the output:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/common_runtime/eager/kernel_and_device.cc#L308-L313\n\nSince only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault\n\n### Patches\nWe have patched the issue in da8558533d925694483d2c136a9220d6d49d843c and will release a patch release for all affected versions.\n\nWe recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-4g9f-63rx-5cw4",
"modified": "2024-10-28T20:05:37Z",
"published": "2020-09-25T18:28:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15190"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-270.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-305.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-113.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Segfault in Tensorflow"
}
GHSA-4GP5-H62V-PF2F
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2024-03-21 03:34** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.
{
"affected": [],
"aliases": [
"CVE-2021-29296"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.",
"id": "GHSA-4gp5-h62v-pf2f",
"modified": "2024-03-21T03:34:05Z",
"published": "2022-05-24T19:10:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29296"
},
{
"type": "WEB",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GPQ-JPQC-J6V2
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2024-03-21 03:34** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched.
{
"affected": [],
"aliases": [
"CVE-2021-29294"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched.",
"id": "GHSA-4gpq-jpqc-j6v2",
"modified": "2024-03-21T03:34:05Z",
"published": "2022-05-24T19:10:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29294"
},
{
"type": "WEB",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10213"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GW2-R6X4-XXXG
Vulnerability from github – Published: 2024-09-11 18:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
mmc: mmc_test: Fix NULL dereference on allocation failure
If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the error code to -ENOMEM instead of returning success.
{
"affected": [],
"aliases": [
"CVE-2024-45028"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-11T16:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the \"test-\u003ehighmem = alloc_pages()\" allocation fails then calling\n__free_pages(test-\u003ehighmem) will result in a NULL dereference. Also\nchange the error code to -ENOMEM instead of returning success.",
"id": "GHSA-4gw2-r6x4-xxxg",
"modified": "2025-11-04T00:31:23Z",
"published": "2024-09-11T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45028"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GXP-6CHJ-C99R
Vulnerability from github – Published: 2024-03-27 06:30 – Updated: 2025-11-04 21:31Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
{
"affected": [],
"aliases": [
"CVE-2023-45931"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T04:15:11Z",
"severity": "HIGH"
},
"details": "Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.",
"id": "GHSA-4gxp-6chj-c99r",
"modified": "2025-11-04T21:31:22Z",
"published": "2024-03-27T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45931"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/mesa/mesa/-/issues/9859"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Jan/71"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176813/Mesa-23.0.4-Null-Pointer.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/59"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/71"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.