Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-5444-33R6-WMW7

Vulnerability from github – Published: 2022-01-07 00:00 – Updated: 2023-05-27 06:30
VLAI
Details

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-06T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).",
  "id": "GHSA-5444-33r6-wmw7",
  "modified": "2023-05-27T06:30:37Z",
  "published": "2022-01-07T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2006"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-544Q-M99H-WG4H

Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-19 18:31
VLAI
Details

A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler dereferences a nil pointer instead of validating the message, causing a panic and terminating the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T19:16:33Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler dereferences a nil pointer instead of validating the message, causing a panic and terminating the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF\u0027s N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.",
  "id": "GHSA-544q-m99h-wg4h",
  "modified": "2025-12-19T18:31:12Z",
  "published": "2025-12-18T21:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omec-project/upf/issues/955"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omec-project/upf/pull/963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-544V-7W28-M77X

Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01
VLAI
Details

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-30T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.",
  "id": "GHSA-544v-7w28-m77x",
  "modified": "2022-09-07T00:01:49Z",
  "published": "2022-08-31T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46837"
    },
    {
      "type": "WEB",
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-547M-23X7-CXG5

Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:17
VLAI
Summary
PaddlePaddle null pointer dereference in paddle.nextafter
Details

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PaddlePaddle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-52302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T20:10:38Z",
    "nvd_published_at": "2024-01-03T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
  "id": "GHSA-547m-23x7-cxg5",
  "modified": "2024-11-22T18:17:42Z",
  "published": "2024-01-03T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52302"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PaddlePaddle/Paddle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PaddlePaddle null pointer dereference in paddle.nextafter"
}

GHSA-54CH-GJQ5-4976

Vulnerability from github – Published: 2022-05-24 22:12 – Updated: 2022-05-24 22:12
VLAI
Summary
Segfault due to missing support for quantized types
Details

Impact

There is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don't yet have support for quantized types (added after migration to TF 2.x):

import numpy as np
import tensorflow as tf

tf.compat.v1.placeholder_with_default(input=np.array([2]),shape=tf.constant(dtype=tf.qint8, value=np.array([1])))

In these scenarios, since the kernel is missing, a nullptr value is passed to ParseDimensionValue for the py_value argument. Then, this is dereferenced, resulting in segfault.

Patches

We have patched the issue in GitHub commit 237822b59fc504dda2c564787f5d3ad9c4aa62d9.

The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Hong Jin from Singapore Management University.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T22:12:52Z",
    "nvd_published_at": "2022-05-20T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThere is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don\u0027t yet have support for quantized types (added after migration to TF 2.x):\n\n```python\nimport numpy as np\nimport tensorflow as tf\n\ntf.compat.v1.placeholder_with_default(input=np.array([2]),shape=tf.constant(dtype=tf.qint8, value=np.array([1])))\n```\n\nIn these scenarios, since the kernel is missing, a [`nullptr` value is passed](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482) to [`ParseDimensionValue`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320) for the `py_value` argument. Then, this is dereferenced, resulting in segfault.\n\n### Patches\nWe have patched the issue in GitHub commit [237822b59fc504dda2c564787f5d3ad9c4aa62d9](https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Hong Jin from Singapore Management University.",
  "id": "GHSA-54ch-gjq5-4976",
  "modified": "2022-05-24T22:12:52Z",
  "published": "2022-05-24T22:12:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Segfault due to missing support for quantized types"
}

GHSA-54H6-8X6R-VR9V

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26
VLAI
Details

An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-10965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-07T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.",
  "id": "GHSA-54h6-8x6r-vr9v",
  "modified": "2022-05-17T00:26:31Z",
  "published": "2022-05-17T00:26:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10965"
    },
    {
      "type": "WEB",
      "url": "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291"
    },
    {
      "type": "WEB",
      "url": "https://irssi.org/security/irssi_sa_2017_07.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54HC-GQ3W-C935

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2024-11-20 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/hdcp: Add encoder check in hdcp2_get_capability

Add encoder check in intel_hdcp2_get_capability to avoid null pointer error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in hdcp2_get_capability\n\nAdd encoder check in intel_hdcp2_get_capability to avoid\nnull pointer error.",
  "id": "GHSA-54hc-gq3w-c935",
  "modified": "2024-11-20T18:32:16Z",
  "published": "2024-11-19T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53050"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b89dcf23575eb5bb95ce8d672cbc2232c2eb096"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d34f4f058edf1235c103ca9c921dc54820d14d40"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54JG-MRHP-6457

Vulnerability from github – Published: 2024-06-07 00:30 – Updated: 2024-10-15 21:30
VLAI
Details

dnspod-sr 0dfbd37 contains a SEGV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T22:15:10Z",
    "severity": "MODERATE"
  },
  "details": "dnspod-sr 0dfbd37 contains a SEGV.",
  "id": "GHSA-54jg-mrhp-6457",
  "modified": "2024-10-15T21:30:35Z",
  "published": "2024-06-07T00:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22525"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DNSPod/dnspod-sr/issues/61"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54JH-FPRR-26MW

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2025-04-20 03:48
VLAI
Details

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-07T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",
  "id": "GHSA-54jh-fprr-26mw",
  "modified": "2025-04-20T03:48:09Z",
  "published": "2022-05-14T03:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16646"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.linuxtv.org/patch/45291"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101846"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54P3-947H-6FPR

Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-28 00:03
VLAI
Details

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-21T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NULL Pointer Dereference in Homebrew mruby prior to 3.2.",
  "id": "GHSA-54p3-947h-6fpr",
  "modified": "2022-01-28T00:03:47Z",
  "published": "2022-01-22T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0326"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.