Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6309 vulnerabilities reference this CWE, most recent first.

GHSA-5CQ4-QJGG-QX47

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-01 00:00
VLAI
Details

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-29T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.",
  "id": "GHSA-5cq4-qjgg-qx47",
  "modified": "2022-10-01T00:00:19Z",
  "published": "2022-09-30T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1725"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5CR7-8523-MGR2

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()

dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition:

((!fams2_enable && update_bw_bounding_box) || freq_changed)

does not guarantee this, as the freq_changed branch can evaluate to true independently of the callback pointer.

This can result in calling update_bw_bounding_box() when it is NULL.

Fix this by separating the update condition from the pointer checks and ensuring the callback, dc->clk_mgr, and bw_params are validated before use.

Fixes the below: ../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362)

(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T14:16:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()\n\ndcn401_init_hw() assumes that update_bw_bounding_box() is valid when\nentering the update path. However, the existing condition:\n\n  ((!fams2_enable \u0026\u0026 update_bw_bounding_box) || freq_changed)\n\ndoes not guarantee this, as the freq_changed branch can evaluate to true\nindependently of the callback pointer.\n\nThis can result in calling update_bw_bounding_box() when it is NULL.\n\nFix this by separating the update condition from the pointer checks and\nensuring the callback, dc-\u003eclk_mgr, and bw_params are validated before\nuse.\n\nFixes the below:\n../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed \u0027dc-\u003eres_pool-\u003efuncs-\u003eupdate_bw_bounding_box\u0027 could be null (see line 362)\n\n(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)",
  "id": "GHSA-5cr7-8523-mgr2",
  "modified": "2026-05-15T21:31:30Z",
  "published": "2026-05-08T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43337"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10c13c111d0d7f8e101c742feff264fc98e3f9f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d4a6f0702c5211e0be8b688c5fc24f082ec74d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e927b36ae18b66b49219eaa9f46edc7b4fdbb25e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5CRJ-C72X-M7GQ

Vulnerability from github – Published: 2021-11-10 18:55 – Updated: 2024-11-07 22:15
VLAI
Summary
Null pointer exception when `Exit` node is not preceded by `Enter` op
Details

Impact

The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not:

import tensorflow as tf

@tf.function
def func():
  return tf.raw_ops.Exit(data=[False,False])

func()

This occurs because the code assumes that the first node in the pairing (e.g., an Enter node) always exists when encountering the second node (e.g., an Exit node):

  ...
} else if (IsExit(curr_node)) {
  // Exit to the parent frame.
  parent = parent_nodes[curr_id];         
  frame_name = cf_info->frame_names[parent->id()];
  ...                

When this is not the case, parent is nullptr so dereferencing it causes a crash.

Patches

We have patched the issue in GitHub commit 05cbebd3c6bb8f517a158b0155debb8df79017ff.

The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T22:12:27Z",
    "nvd_published_at": "2021-11-05T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe [process of building the control flow graph](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/common_runtime/immutable_executor_state.cc#L284-L346) for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not:\n  \n```python\nimport tensorflow as tf\n  \n@tf.function\ndef func():\n  return tf.raw_ops.Exit(data=[False,False])\n    \nfunc()\n```\n\nThis occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node):\n  \n```cc\n  ...\n} else if (IsExit(curr_node)) {\n  // Exit to the parent frame.\n  parent = parent_nodes[curr_id];         \n  frame_name = cf_info-\u003eframe_names[parent-\u003eid()];\n  ...                \n```\n\nWhen this is not the case, `parent` is `nullptr` so dereferencing it causes a crash.\n\n### Patches\nWe have patched the issue in GitHub commit [05cbebd3c6bb8f517a158b0155debb8df79017ff](https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-5crj-c72x-m7gq",
  "modified": "2024-11-07T22:15:50Z",
  "published": "2021-11-10T18:55:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41217"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-626.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-824.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-409.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Null pointer exception when `Exit` node is not preceded by `Enter` op"
}

GHSA-5F2F-22G2-G2GQ

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (axi-fan-control) Fix possible NULL pointer dereference

axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That will cause an "Unable to handle kernel NULL pointer dereference" error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (axi-fan-control) Fix possible NULL pointer dereference\n\naxi_fan_control_irq_handler(), dependent on the private\naxi_fan_control_data structure, might be called before the hwmon\ndevice is registered. That will cause an \"Unable to handle kernel\nNULL pointer dereference\" error.",
  "id": "GHSA-5f2f-22g2-g2gq",
  "modified": "2025-01-14T18:31:50Z",
  "published": "2024-05-21T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52863"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a5b3370a1d9750eca325292e291c8c7cb8cf2e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33de53a2706066d526173dc743faf43d92c62105"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d870088db4863c514a7f8751cd593751983029a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3e7eb23a6e97642ff3190431c06475d9ca1e062"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c49f14cc1bb12c625a1c572e8a95b6adefd4d8eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f62b8969847850ba7596cb145cc47c65ea57dae0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F39-WJPQ-XRRJ

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task.

The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash.

Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock\n\nWhen FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the\ntarget PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting\nwaiter-\u003etask.\n\nThe subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences\nthe NULL waiter-\u003etask, causing a kernel crash.\n\nAdd a self-deadlock check for non-top waiters before calling\nrt_mutex_start_proxy_lock(), analogous to the top-waiter check in\nfutex_lock_pi_atomic().",
  "id": "GHSA-5f39-wjpq-xrrj",
  "modified": "2026-07-07T18:30:28Z",
  "published": "2026-06-25T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53166"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16f8e17184b31382076f84751db5ac51fc02733e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f2f3f3eacd6653ab215c5d2ea70811148d433fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74e144274af39935b0f410c0ee4d2b91c3730414"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F42-CQ3C-QRM7

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
VLAI
Details

fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-14T14:15:00Z",
    "severity": "LOW"
  },
  "details": "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices-\u003edevices is mishandled within find_device, aka CID-09ba3bc9dd15.",
  "id": "GHSA-5f42-cq3c-qrm7",
  "modified": "2022-05-24T17:01:18Z",
  "published": "2022-05-24T17:01:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bobfuzzer/CVE-2019-18885"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191205-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4254-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4254-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4258-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-2"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5F4V-RCV7-7FMJ

Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2025-04-20 03:46
VLAI
Details

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-12T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",
  "id": "GHSA-5f4v-rcv7-7fmj",
  "modified": "2025-04-20T03:46:39Z",
  "published": "2022-05-14T03:38:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12192"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0151"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0152"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0181"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0654"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:2430"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2017-12192"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493435"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2017/9/18/764"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3583-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3583-2"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2017/q4/63"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F75-4873-QCW8

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00
VLAI
Details

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:16:00Z",
    "severity": "MODERATE"
  },
  "details": "In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.",
  "id": "GHSA-5f75-4873-qcw8",
  "modified": "2022-06-11T00:00:28Z",
  "published": "2022-06-03T00:01:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32202"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thorfdbg/libjpeg/issues/74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F77-76R3-QF34

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:54
VLAI
Details

Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-09T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.",
  "id": "GHSA-5f77-76r3-qf34",
  "modified": "2024-04-04T01:54:09Z",
  "published": "2022-05-24T16:55:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16161"
    },
    {
      "type": "WEB",
      "url": "https://github.com/k-takata/Onigmo/issues/132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/k-takata/Onigmo/commit/9827d5a0298ee766f6041db9c0080166ff6cdce8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F8W-QVC2-2V3P

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:19:28Z",
    "severity": "HIGH"
  },
  "details": "arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.",
  "id": "GHSA-5f8w-qvc2-2v3p",
  "modified": "2026-03-16T15:30:42Z",
  "published": "2026-03-16T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28522"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tuya/arduino-TuyaOpen"
    },
    {
      "type": "WEB",
      "url": "https://src.tuya.com/announcement/32"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/arduino-tuyaopen-wifiudp-null-pointer-dereference-denial-of-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.