Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-5G8R-GFQ9-RV9G

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2023-01-27 21:31
VLAI
Details

An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-18T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.",
  "id": "GHSA-5g8r-gfq9-rv9g",
  "modified": "2023-01-27T21:31:14Z",
  "published": "2022-05-24T17:20:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9105"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ"
    },
    {
      "type": "WEB",
      "url": "https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git"
    },
    {
      "type": "WEB",
      "url": "http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=blob;f=changelog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GCQ-5XRV-2V3W

Vulnerability from github – Published: 2025-11-24 15:30 – Updated: 2025-11-24 21:30
VLAI
Details

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-24T14:15:47Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.",
  "id": "GHSA-5gcq-5xrv-2v3w",
  "modified": "2025-11-24T21:30:58Z",
  "published": "2025-11-24T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65497"
    },
    {
      "type": "WEB",
      "url": "https://github.com/obgm/libcoap/issues/1745"
    },
    {
      "type": "WEB",
      "url": "https://github.com/obgm/libcoap/pull/1750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GGJ-XWVC-9X57

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2024-11-22 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()

In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create().

During the cleanup, we need to check if the "mtk_crtc->cmdq_client.chan" is NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_create() and it will result in a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL.  In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy().  Calling\ncmdq_pkt_destroy() is unnecessary if we didn\u0027t call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
  "id": "GHSA-5ggj-xwvc-9x57",
  "modified": "2024-11-22T21:32:13Z",
  "published": "2024-11-19T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53056"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4018651ba5c409034149f297d3dd3328b91561fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GHG-H4MM-7VGV

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-20 00:01
VLAI
Details

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.",
  "id": "GHSA-5ghg-h4mm-7vgv",
  "modified": "2022-04-20T00:01:04Z",
  "published": "2022-04-12T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26094"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GJ8-WG34-RGV9

Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-10-17 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()

The subs function argument may be NULL, so do not use it before the NULL check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T07:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.",
  "id": "GHSA-5gj8-wg34-rgv9",
  "modified": "2024-10-17T15:31:07Z",
  "published": "2024-08-21T09:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52904"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GJG-JGH4-GPPM

Vulnerability from github – Published: 2021-06-23 17:26 – Updated: 2026-01-23 22:35
VLAI
Summary
Websocket requests did not call AuthenticateMethod
Details

Impact

Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod.

The AuthenticateMethod is not called, and UserData will be nil in request methods. Attempts to read the UserData may result in a panic.

This issue only affects web sockets where an AuthenticateMethod is supplied to the handle options. Users who do not use web sockets, or users who do not require authentication are not at risk.

Example

In the example below, one would expect that the AuthenticateMethod function would be called for each request to /example

handleOptions := web.HandleOptions{
    AuthenticateMethod: func(request *http.Request) interface{} {
        // Assume there is logic here to check for an active sessions, look at cookies or headers, etc...
        var session Session{} // Example

        return session
    },
}

server.Socket("/example", handle, handleOptions)

However, the method is not called, and therefor the UserData parameter of the request object in the handle will be nil, when it would have been expected to be the session object we returned.

Patches

Release v1.5.2 fixes this vulnerability. The authenticate method is now called for websocket requests.

All users of the web package should update to v1.5.2 or later.

Workarounds

You may work around this issue by making the authenticate method a named function, then calling that function at the start of the handle method for the websocket. Reject connections when the return value of the method is nil.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ecnepsnai/web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304",
      "CWE-400",
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T17:41:20Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nDepending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the `github.com/ecnepsnai/web` package with Web Sockets that have an AuthenticateMethod.\n\nThe `AuthenticateMethod` is not called, and `UserData` will be nil in request methods. Attempts to read the `UserData` may result in a panic.\n\nThis issue only affects web sockets where an `AuthenticateMethod` is supplied to the handle options. Users who do not use web sockets, or users who do not require authentication are not at risk.\n\n#### Example\n\nIn the example below, one would expect that the `AuthenticateMethod` function would be called for each request to `/example`\n\n```go\nhandleOptions := web.HandleOptions{\n\tAuthenticateMethod: func(request *http.Request) interface{} {\n\t\t// Assume there is logic here to check for an active sessions, look at cookies or headers, etc...\n\t\tvar session Session{} // Example\n\n\t\treturn session\n\t},\n}\n\nserver.Socket(\"/example\", handle, handleOptions)\n```\n\nHowever, the method is not called, and therefor the `UserData` parameter of the request object in the handle will be nil, when it would have been expected to be the `session` object we returned.\n\n### Patches\n\nRelease v1.5.2 fixes this vulnerability. The authenticate method is now called for websocket requests.\n\nAll users of the web package should update to v1.5.2 or later.\n\n### Workarounds\n\nYou may work around this issue by making the authenticate method a named function, then calling that function at the start of the handle method for the websocket. Reject connections when the return value of the method is nil.",
  "id": "GHSA-5gjg-jgh4-gppm",
  "modified": "2026-01-23T22:35:54Z",
  "published": "2021-06-23T17:26:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ecnepsnai/web/security/advisories/GHSA-5gjg-jgh4-gppm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ecnepsnai/web"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Websocket requests did not call AuthenticateMethod"
}

GHSA-5GMX-GRG5-HH7X

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-24T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
  "id": "GHSA-5gmx-grg5-hh7x",
  "modified": "2022-05-24T17:04:59Z",
  "published": "2022-05-24T17:04:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0514"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200114-0003"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4298-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4638"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GQF-456P-4836

Vulnerability from github – Published: 2021-05-21 14:25 – Updated: 2024-10-31 21:03
VLAI
Summary
Reference binding to nullptr in `SdcaOptimizer`
Details

Impact

The implementation of tf.raw_ops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer:

import tensorflow as tf

sparse_example_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_feature_values = []

dense_features = []
dense_weights = []

example_weights = tf.constant((0.0), dtype=tf.float32)
example_labels = tf.constant((0.0), dtype=tf.float32)

sparse_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]
sparse_weights = [tf.constant((0.0), dtype=tf.float32), tf.constant((0.0), dtype=tf.float32)]

example_state_data = tf.constant([0.0, 0.0, 0.0, 0.0], shape=[1, 4], dtype=tf.float32)

tf.raw_ops.SdcaOptimizer(
  sparse_example_indices=sparse_example_indices,
  sparse_feature_indices=sparse_feature_indices,
  sparse_feature_values=sparse_feature_values, dense_features=dense_features,
  example_weights=example_weights, example_labels=example_labels, 
  sparse_indices=sparse_indices, sparse_weights=sparse_weights, 
  dense_weights=dense_weights, example_state_data=example_state_data,
  loss_type="logistic_loss", l1=0.0, l2=0.0, num_loss_partitions=1,
  num_inner_iterations=1, adaptative=False)

The implementation does not validate that the user supplied arguments satisfy all constraints expected by the op.

Patches

We have patched the issue in GitHub commit f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T18:48:55Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer:\n\n```python\nimport tensorflow as tf\n\nsparse_example_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_feature_indices = [tf.constant([], shape=[0, 0, 0, 0], dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_feature_values = []\n\ndense_features = []\ndense_weights = []\n\nexample_weights = tf.constant((0.0), dtype=tf.float32)\nexample_labels = tf.constant((0.0), dtype=tf.float32)\n\nsparse_indices = [tf.constant((0), dtype=tf.int64), tf.constant((0), dtype=tf.int64)]\nsparse_weights = [tf.constant((0.0), dtype=tf.float32), tf.constant((0.0), dtype=tf.float32)]\n  \nexample_state_data = tf.constant([0.0, 0.0, 0.0, 0.0], shape=[1, 4], dtype=tf.float32)\n  \ntf.raw_ops.SdcaOptimizer(\n  sparse_example_indices=sparse_example_indices,\n  sparse_feature_indices=sparse_feature_indices,\n  sparse_feature_values=sparse_feature_values, dense_features=dense_features,\n  example_weights=example_weights, example_labels=example_labels, \n  sparse_indices=sparse_indices, sparse_weights=sparse_weights, \n  dense_weights=dense_weights, example_state_data=example_state_data,\n  loss_type=\"logistic_loss\", l1=0.0, l2=0.0, num_loss_partitions=1,\n  num_inner_iterations=1, adaptative=False)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all [constraints expected by the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).\n\n### Patches\nWe have patched the issue in GitHub commit [f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb](https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
  "id": "GHSA-5gqf-456p-4836",
  "modified": "2024-10-31T21:03:55Z",
  "published": "2021-05-21T14:25:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5gqf-456p-4836"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-500.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-698.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-209.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Reference binding to nullptr in `SdcaOptimizer`"
}

GHSA-5GQM-QPGC-V969

Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30
VLAI
Details

An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.",
  "id": "GHSA-5gqm-qpgc-v969",
  "modified": "2023-02-10T03:30:18Z",
  "published": "2023-02-03T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23087"
    },
    {
      "type": "WEB",
      "url": "https://github.com/scottcgi/MojoJson/issues/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GV9-WQV9-XFXQ

Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

reset: amlogic: t7: Fix null reset ops

Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T20:17:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: amlogic: t7: Fix null reset ops\n\nFix missing reset ops causing kernel null pointer dereference.\nThis SOC\u0027s reset is currently not used yet.",
  "id": "GHSA-5gv9-wqv9-xfxq",
  "modified": "2026-07-06T21:30:25Z",
  "published": "2026-06-26T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/463a0885de665d3f36e219c5502584b99fa61c85"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9797524ef2b69c6b187b55bd844eb72a8c1cbd99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cde69482d2e6834dcd4ed675d1ef84e48627ee9f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.