CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6309 vulnerabilities reference this CWE, most recent first.
GHSA-5CQ4-QJGG-QX47
Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-01 00:00NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
{
"affected": [],
"aliases": [
"CVE-2022-1725"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-29T03:15:00Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.",
"id": "GHSA-5cq4-qjgg-qx47",
"modified": "2022-10-01T00:00:19Z",
"published": "2022-09-30T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1725"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CR7-8523-MGR2
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()
dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition:
((!fams2_enable && update_bw_bounding_box) || freq_changed)
does not guarantee this, as the freq_changed branch can evaluate to true independently of the callback pointer.
This can result in calling update_bw_bounding_box() when it is NULL.
Fix this by separating the update condition from the pointer checks and ensuring the callback, dc->clk_mgr, and bw_params are validated before use.
Fixes the below: ../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362)
(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)
{
"affected": [],
"aliases": [
"CVE-2026-43337"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()\n\ndcn401_init_hw() assumes that update_bw_bounding_box() is valid when\nentering the update path. However, the existing condition:\n\n ((!fams2_enable \u0026\u0026 update_bw_bounding_box) || freq_changed)\n\ndoes not guarantee this, as the freq_changed branch can evaluate to true\nindependently of the callback pointer.\n\nThis can result in calling update_bw_bounding_box() when it is NULL.\n\nFix this by separating the update condition from the pointer checks and\nensuring the callback, dc-\u003eclk_mgr, and bw_params are validated before\nuse.\n\nFixes the below:\n../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed \u0027dc-\u003eres_pool-\u003efuncs-\u003eupdate_bw_bounding_box\u0027 could be null (see line 362)\n\n(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)",
"id": "GHSA-5cr7-8523-mgr2",
"modified": "2026-05-15T21:31:30Z",
"published": "2026-05-08T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43337"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10c13c111d0d7f8e101c742feff264fc98e3f9f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d4a6f0702c5211e0be8b688c5fc24f082ec74d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e927b36ae18b66b49219eaa9f46edc7b4fdbb25e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CRJ-C72X-M7GQ
Vulnerability from github – Published: 2021-11-10 18:55 – Updated: 2024-11-07 22:15Impact
The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not:
import tensorflow as tf
@tf.function
def func():
return tf.raw_ops.Exit(data=[False,False])
func()
This occurs because the code assumes that the first node in the pairing (e.g., an Enter node) always exists when encountering the second node (e.g., an Exit node):
...
} else if (IsExit(curr_node)) {
// Exit to the parent frame.
parent = parent_nodes[curr_id];
frame_name = cf_info->frame_names[parent->id()];
...
When this is not the case, parent is nullptr so dereferencing it causes a crash.
Patches
We have patched the issue in GitHub commit 05cbebd3c6bb8f517a158b0155debb8df79017ff.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41217"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:12:27Z",
"nvd_published_at": "2021-11-05T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe [process of building the control flow graph](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/common_runtime/immutable_executor_state.cc#L284-L346) for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not:\n \n```python\nimport tensorflow as tf\n \n@tf.function\ndef func():\n return tf.raw_ops.Exit(data=[False,False])\n \nfunc()\n```\n\nThis occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node):\n \n```cc\n ...\n} else if (IsExit(curr_node)) {\n // Exit to the parent frame.\n parent = parent_nodes[curr_id]; \n frame_name = cf_info-\u003eframe_names[parent-\u003eid()];\n ... \n```\n\nWhen this is not the case, `parent` is `nullptr` so dereferencing it causes a crash.\n\n### Patches\nWe have patched the issue in GitHub commit [05cbebd3c6bb8f517a158b0155debb8df79017ff](https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-5crj-c72x-m7gq",
"modified": "2024-11-07T22:15:50Z",
"published": "2021-11-10T18:55:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41217"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-626.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-824.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-409.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Null pointer exception when `Exit` node is not preceded by `Enter` op"
}
GHSA-5F2F-22G2-G2GQ
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-14 18:31In the Linux kernel, the following vulnerability has been resolved:
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That will cause an "Unable to handle kernel NULL pointer dereference" error.
{
"affected": [],
"aliases": [
"CVE-2023-52863"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (axi-fan-control) Fix possible NULL pointer dereference\n\naxi_fan_control_irq_handler(), dependent on the private\naxi_fan_control_data structure, might be called before the hwmon\ndevice is registered. That will cause an \"Unable to handle kernel\nNULL pointer dereference\" error.",
"id": "GHSA-5f2f-22g2-g2gq",
"modified": "2025-01-14T18:31:50Z",
"published": "2024-05-21T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52863"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a5b3370a1d9750eca325292e291c8c7cb8cf2e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33de53a2706066d526173dc743faf43d92c62105"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d870088db4863c514a7f8751cd593751983029a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3e7eb23a6e97642ff3190431c06475d9ca1e062"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f62b8969847850ba7596cb145cc47c65ea57dae0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F39-WJPQ-XRRJ
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-07 18:30In the Linux kernel, the following vulnerability has been resolved:
futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task.
The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash.
Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic().
{
"affected": [],
"aliases": [
"CVE-2026-53166"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock\n\nWhen FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the\ntarget PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting\nwaiter-\u003etask.\n\nThe subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences\nthe NULL waiter-\u003etask, causing a kernel crash.\n\nAdd a self-deadlock check for non-top waiters before calling\nrt_mutex_start_proxy_lock(), analogous to the top-waiter check in\nfutex_lock_pi_atomic().",
"id": "GHSA-5f39-wjpq-xrrj",
"modified": "2026-07-07T18:30:28Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53166"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16f8e17184b31382076f84751db5ac51fc02733e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f2f3f3eacd6653ab215c5d2ea70811148d433fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74e144274af39935b0f410c0ee4d2b91c3730414"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F42-CQ3C-QRM7
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
{
"affected": [],
"aliases": [
"CVE-2019-18885"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-14T14:15:00Z",
"severity": "LOW"
},
"details": "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices-\u003edevices is mishandled within find_device, aka CID-09ba3bc9dd15.",
"id": "GHSA-5f42-cq3c-qrm7",
"modified": "2022-05-24T17:01:18Z",
"published": "2022-05-24T17:01:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18885"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1"
},
{
"type": "WEB",
"url": "https://github.com/bobfuzzer/CVE-2019-18885"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4254-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4254-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4258-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-2"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5F4V-RCV7-7FMJ
Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2025-04-20 03:46The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
{
"affected": [],
"aliases": [
"CVE-2017-12192"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-12T00:29:00Z",
"severity": "MODERATE"
},
"details": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",
"id": "GHSA-5f4v-rcv7-7fmj",
"modified": "2025-04-20T03:46:39Z",
"published": "2022-05-14T03:38:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12192"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:2430"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-12192"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2017/9/18/764"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3583-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3583-2"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2017/q4/63"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F75-4873-QCW8
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.
{
"affected": [],
"aliases": [
"CVE-2022-32202"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:16:00Z",
"severity": "MODERATE"
},
"details": "In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.",
"id": "GHSA-5f75-4873-qcw8",
"modified": "2022-06-11T00:00:28Z",
"published": "2022-06-03T00:01:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32202"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/74"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F77-76R3-QF34
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:54Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
{
"affected": [],
"aliases": [
"CVE-2019-16161"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-09T17:15:00Z",
"severity": "HIGH"
},
"details": "Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.",
"id": "GHSA-5f77-76r3-qf34",
"modified": "2024-04-04T01:54:09Z",
"published": "2022-05-24T16:55:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16161"
},
{
"type": "WEB",
"url": "https://github.com/k-takata/Onigmo/issues/132"
},
{
"type": "WEB",
"url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F8W-QVC2-2V3P
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2026-28522"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:19:28Z",
"severity": "HIGH"
},
"details": "arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.",
"id": "GHSA-5f8w-qvc2-2v3p",
"modified": "2026-03-16T15:30:42Z",
"published": "2026-03-16T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28522"
},
{
"type": "WEB",
"url": "https://github.com/tuya/arduino-TuyaOpen"
},
{
"type": "WEB",
"url": "https://src.tuya.com/announcement/32"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/arduino-tuyaopen-wifiudp-null-pointer-dereference-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.