CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-5G8R-GFQ9-RV9G
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2023-01-27 21:31An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.
{
"affected": [],
"aliases": [
"CVE-2017-9105"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-18T14:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.",
"id": "GHSA-5g8r-gfq9-rv9g",
"modified": "2023-01-27T21:31:14Z",
"published": "2022-05-24T17:20:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9105"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ"
},
{
"type": "WEB",
"url": "https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html"
},
{
"type": "WEB",
"url": "http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git"
},
{
"type": "WEB",
"url": "http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=blob;f=changelog"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GCQ-5XRV-2V3W
Vulnerability from github – Published: 2025-11-24 15:30 – Updated: 2025-11-24 21:30NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
{
"affected": [],
"aliases": [
"CVE-2025-65497"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-24T14:15:47Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.",
"id": "GHSA-5gcq-5xrv-2v3w",
"modified": "2025-11-24T21:30:58Z",
"published": "2025-11-24T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65497"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/issues/1745"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/pull/1750"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5GGJ-XWVC-9X57
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2024-11-22 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()
In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create().
During the cleanup, we need to check if the "mtk_crtc->cmdq_client.chan" is NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_create() and it will result in a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2024-53056"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL. In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy(). Calling\ncmdq_pkt_destroy() is unnecessary if we didn\u0027t call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
"id": "GHSA-5ggj-xwvc-9x57",
"modified": "2024-11-22T21:32:13Z",
"published": "2024-11-19T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53056"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4018651ba5c409034149f297d3dd3328b91561fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GHG-H4MM-7VGV
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-20 00:01Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
{
"affected": [],
"aliases": [
"CVE-2022-26094"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.",
"id": "GHSA-5ghg-h4mm-7vgv",
"modified": "2022-04-20T00:01:04Z",
"published": "2022-04-12T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26094"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GJ8-WG34-RGV9
Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-10-17 15:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
The subs function argument may be NULL, so do not use it before the NULL check.
{
"affected": [],
"aliases": [
"CVE-2023-52904"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T07:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.",
"id": "GHSA-5gj8-wg34-rgv9",
"modified": "2024-10-17T15:31:07Z",
"published": "2024-08-21T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GJG-JGH4-GPPM
Vulnerability from github – Published: 2021-06-23 17:26 – Updated: 2026-01-23 22:35Impact
Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod.
The AuthenticateMethod is not called, and UserData will be nil in request methods. Attempts to read the UserData may result in a panic.
This issue only affects web sockets where an AuthenticateMethod is supplied to the handle options. Users who do not use web sockets, or users who do not require authentication are not at risk.
Example
In the example below, one would expect that the AuthenticateMethod function would be called for each request to /example
handleOptions := web.HandleOptions{
AuthenticateMethod: func(request *http.Request) interface{} {
// Assume there is logic here to check for an active sessions, look at cookies or headers, etc...
var session Session{} // Example
return session
},
}
server.Socket("/example", handle, handleOptions)
However, the method is not called, and therefor the UserData parameter of the request object in the handle will be nil, when it would have been expected to be the session object we returned.
Patches
Release v1.5.2 fixes this vulnerability. The authenticate method is now called for websocket requests.
All users of the web package should update to v1.5.2 or later.
Workarounds
You may work around this issue by making the authenticate method a named function, then calling that function at the start of the handle method for the websocket. Reject connections when the return value of the method is nil.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ecnepsnai/web"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4236"
],
"database_specific": {
"cwe_ids": [
"CWE-304",
"CWE-400",
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T17:41:20Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\n\nDepending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the `github.com/ecnepsnai/web` package with Web Sockets that have an AuthenticateMethod.\n\nThe `AuthenticateMethod` is not called, and `UserData` will be nil in request methods. Attempts to read the `UserData` may result in a panic.\n\nThis issue only affects web sockets where an `AuthenticateMethod` is supplied to the handle options. Users who do not use web sockets, or users who do not require authentication are not at risk.\n\n#### Example\n\nIn the example below, one would expect that the `AuthenticateMethod` function would be called for each request to `/example`\n\n```go\nhandleOptions := web.HandleOptions{\n\tAuthenticateMethod: func(request *http.Request) interface{} {\n\t\t// Assume there is logic here to check for an active sessions, look at cookies or headers, etc...\n\t\tvar session Session{} // Example\n\n\t\treturn session\n\t},\n}\n\nserver.Socket(\"/example\", handle, handleOptions)\n```\n\nHowever, the method is not called, and therefor the `UserData` parameter of the request object in the handle will be nil, when it would have been expected to be the `session` object we returned.\n\n### Patches\n\nRelease v1.5.2 fixes this vulnerability. The authenticate method is now called for websocket requests.\n\nAll users of the web package should update to v1.5.2 or later.\n\n### Workarounds\n\nYou may work around this issue by making the authenticate method a named function, then calling that function at the start of the handle method for the websocket. Reject connections when the return value of the method is nil.",
"id": "GHSA-5gjg-jgh4-gppm",
"modified": "2026-01-23T22:35:54Z",
"published": "2021-06-23T17:26:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ecnepsnai/web/security/advisories/GHSA-5gjg-jgh4-gppm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4236"
},
{
"type": "WEB",
"url": "https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f"
},
{
"type": "PACKAGE",
"url": "https://github.com/ecnepsnai/web"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Websocket requests did not call AuthenticateMethod"
}
GHSA-5GMX-GRG5-HH7X
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
{
"affected": [],
"aliases": [
"CVE-2019-19923"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-24T16:15:00Z",
"severity": "MODERATE"
},
"details": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
"id": "GHSA-5gmx-grg5-hh7x",
"modified": "2022-05-24T17:04:59Z",
"published": "2022-05-24T17:04:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923"
},
{
"type": "WEB",
"url": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200114-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4298-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4638"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GQF-456P-4836
Vulnerability from github – Published: 2021-05-21 14:25 – Updated: 2024-10-31 21:03Impact
The implementation of tf.raw_ops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer:
import tensorflow as tf
sparse_example_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_feature_values = []
dense_features = []
dense_weights = []
example_weights = tf.constant((0.0), dtype=tf.float32)
example_labels = tf.constant((0.0), dtype=tf.float32)
sparse_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_weights = [tf.constant((0.0), dtype=tf.float32), tf.constant((0.0), dtype=tf.float32)]
example_state_data = tf.constant([0.0, 0.0, 0.0, 0.0], shape=[1, 4], dtype=tf.float32)
tf.raw_ops.SdcaOptimizer(
sparse_example_indices=sparse_example_indices,
sparse_feature_indices=sparse_feature_indices,
sparse_feature_values=sparse_feature_values, dense_features=dense_features,
example_weights=example_weights, example_labels=example_labels,
sparse_indices=sparse_indices, sparse_weights=sparse_weights,
dense_weights=dense_weights, example_state_data=example_state_data,
loss_type="logistic_loss", l1=0.0, l2=0.0, num_loss_partitions=1,
num_inner_iterations=1, adaptative=False)
The implementation does not validate that the user supplied arguments satisfy all constraints expected by the op.
Patches
We have patched the issue in GitHub commit f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29572"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T18:48:55Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer:\n\n```python\nimport tensorflow as tf\n\nsparse_example_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_feature_values = []\n\ndense_features = []\ndense_weights = []\n\nexample_weights = tf.constant((0.0), dtype=tf.float32)\nexample_labels = tf.constant((0.0), dtype=tf.float32)\n\nsparse_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_weights = [tf.constant((0.0), dtype=tf.float32), tf.constant((0.0), dtype=tf.float32)]\n \nexample_state_data = tf.constant([0.0, 0.0, 0.0, 0.0], shape=[1, 4], dtype=tf.float32)\n \ntf.raw_ops.SdcaOptimizer(\n sparse_example_indices=sparse_example_indices,\n sparse_feature_indices=sparse_feature_indices,\n sparse_feature_values=sparse_feature_values, dense_features=dense_features,\n example_weights=example_weights, example_labels=example_labels, \n sparse_indices=sparse_indices, sparse_weights=sparse_weights, \n dense_weights=dense_weights, example_state_data=example_state_data,\n loss_type=\"logistic_loss\", l1=0.0, l2=0.0, num_loss_partitions=1,\n num_inner_iterations=1, adaptative=False)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all [constraints expected by the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).\n\n### Patches\nWe have patched the issue in GitHub commit [f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb](https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-5gqf-456p-4836",
"modified": "2024-10-31T21:03:55Z",
"published": "2021-05-21T14:25:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5gqf-456p-4836"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29572"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-500.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-698.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-209.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Reference binding to nullptr in `SdcaOptimizer`"
}
GHSA-5GQM-QPGC-V969
Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
{
"affected": [],
"aliases": [
"CVE-2023-23087"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T18:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.",
"id": "GHSA-5gqm-qpgc-v969",
"modified": "2023-02-10T03:30:18Z",
"published": "2023-02-03T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23087"
},
{
"type": "WEB",
"url": "https://github.com/scottcgi/MojoJson/issues/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GV9-WQV9-XFXQ
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30In the Linux kernel, the following vulnerability has been resolved:
reset: amlogic: t7: Fix null reset ops
Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet.
{
"affected": [],
"aliases": [
"CVE-2026-53301"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T20:17:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: amlogic: t7: Fix null reset ops\n\nFix missing reset ops causing kernel null pointer dereference.\nThis SOC\u0027s reset is currently not used yet.",
"id": "GHSA-5gv9-wqv9-xfxq",
"modified": "2026-07-06T21:30:25Z",
"published": "2026-06-26T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53301"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/463a0885de665d3f36e219c5502584b99fa61c85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9797524ef2b69c6b187b55bd844eb72a8c1cbd99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cde69482d2e6834dcd4ed675d1ef84e48627ee9f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.