CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-6GCR-47JJ-9VWP
Vulnerability from github – Published: 2022-05-14 01:49 – Updated: 2022-05-14 01:49Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
{
"affected": [],
"aliases": [
"CVE-2018-19209"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-12T19:29:00Z",
"severity": "MODERATE"
},
"details": "Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.",
"id": "GHSA-6gcr-47jj-9vwp",
"modified": "2022-05-14T01:49:43Z",
"published": "2022-05-14T01:49:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19209"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1115797"
},
{
"type": "WEB",
"url": "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GH5-4FVC-RW6C
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 15:30In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Don't attempt to resume the ports before they exist
This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered.
{
"affected": [],
"aliases": [
"CVE-2023-52938"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Don\u0027t attempt to resume the ports before they exist\n\nThis will fix null pointer dereference that was caused by\nthe driver attempting to resume ports that were not yet\nregistered.",
"id": "GHSA-6gh5-4fvc-rw6c",
"modified": "2025-04-15T15:30:46Z",
"published": "2025-03-27T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52938"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f82060da749c611ed427523b6d1605d87338aac1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdd11d7136fd070b3a74d6d8799d9eac28a57fc5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GHP-VVQP-VXV2
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-35076"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T10:15:00Z",
"severity": "HIGH"
},
"details": "Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-6ghp-vvqp-vxv2",
"modified": "2022-06-23T00:00:22Z",
"published": "2022-06-15T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35076"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GM8-3G4H-W82M
Vulnerability from github – Published: 2026-04-01 22:59 – Updated: 2026-04-06 17:32Summary
Ella Core panics when processing a NGAP handover failure message.
Impact
If an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers.
Fix
Improve guards in NGAP handover handlers.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.7.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/ellanetworks/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34761"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-01T22:59:12Z",
"nvd_published_at": "2026-04-02T20:16:25Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nElla Core panics when processing a NGAP handover failure message.\n\n## Impact\n\nIf an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers.\n\n## Fix \n\nImprove guards in NGAP handover handlers.",
"id": "GHSA-6gm8-3g4h-w82m",
"modified": "2026-04-06T17:32:47Z",
"published": "2026-04-01T22:59:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34761"
},
{
"type": "PACKAGE",
"url": "https://github.com/ellanetworks/core"
},
{
"type": "WEB",
"url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ella Core Panics Upon NGAP handover failure"
}
GHSA-6GPC-MJXQ-HJ23
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-19 18:31A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID (CPF-SEID) Information Element is not properly validated. The session establishment handler calls IE.FSEID() on a nil pointer, which triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
{
"affected": [],
"aliases": [
"CVE-2025-65565"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T19:16:34Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID (CPF-SEID) Information Element is not properly validated. The session establishment handler calls IE.FSEID() on a nil pointer, which triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF\u0027s N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.",
"id": "GHSA-6gpc-mjxq-hj23",
"modified": "2025-12-19T18:31:12Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65565"
},
{
"type": "WEB",
"url": "https://github.com/omec-project/upf/issues/957"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GV8-FGF9-GQGC
Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
powerpc/papr_scm: don't requests stats with '0' sized stats buffer
Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The panic is of the form below and is observed only with following option disabled(profile) for the said LPAR 'Enable Performance Information Collection' in the HMC:
Kernel attempted to write user page (1c) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on write at 0x0000001c Faulting instruction address: 0xc008000001b90844 Oops: Kernel access of bad area, sig: 11 [#1] NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm] LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm] Call Trace: 0xc00000000941bca0 (unreliable) papr_scm_probe+0x2ac/0x6ec [papr_scm] platform_probe+0x98/0x150 really_probe+0xfc/0x510 __driver_probe_device+0x17c/0x230 ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Fatal exception
On investigation looks like this panic was caused due to a 'stat_buffer' of size==0 being provided to drc_pmem_query_stats() to fetch all performance stats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called since the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused due to missing check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support performance-stats.
Fix this by introducing the check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events().
[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com
{
"affected": [],
"aliases": [
"CVE-2022-49353"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: don\u0027t requests stats with \u00270\u0027 sized stats buffer\n\nSachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being\nreported with vPMEM when papr_scm probe is being called. The panic is of the\nform below and is observed only with following option disabled(profile) for the\nsaid LPAR \u0027Enable Performance Information Collection\u0027 in the HMC:\n\n Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x0000001c\n Faulting instruction address: 0xc008000001b90844\n Oops: Kernel access of bad area, sig: 11 [#1]\n\u003csnip\u003e\n NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]\n LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]\n Call Trace:\n 0xc00000000941bca0 (unreliable)\n papr_scm_probe+0x2ac/0x6ec [papr_scm]\n platform_probe+0x98/0x150\n really_probe+0xfc/0x510\n __driver_probe_device+0x17c/0x230\n\u003csnip\u003e\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n\nOn investigation looks like this panic was caused due to a \u0027stat_buffer\u0027 of\nsize==0 being provided to drc_pmem_query_stats() to fetch all performance\nstats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn\u0027t have been called\nsince the vPMEM NVDIMM doesn\u0027t support and performance stat-id\u0027s. This was caused\ndue to missing check for \u0027p-\u003estat_buffer_len\u0027 at the beginning of\npapr_scm_pmu_check_events() which indicates that the NVDIMM doesn\u0027t support\nperformance-stats.\n\nFix this by introducing the check for \u0027p-\u003estat_buffer_len\u0027 at the beginning of\npapr_scm_pmu_check_events().\n\n[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com",
"id": "GHSA-6gv8-fgf9-gqgc",
"modified": "2025-04-14T21:32:22Z",
"published": "2025-04-14T21:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49353"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07bf9431b1590d1cd7a8d62075d0b50b073f0495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1295aab2ebcda1c1a9ed342baedc080e5c393e5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GV8-P3VJ-PXVR
Vulnerability from github – Published: 2021-08-25 14:43 – Updated: 2024-11-13 17:23Impact
The code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference:
import tensorflow as tf
data = tf.data.Dataset.from_tensors([0.0])
tf.raw_ops.UncompressElement(
compressed=tf.data.experimental.to_variant(data),
output_types=[tf.int64],
output_shapes=[2])
The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressing. There is no check that the Variant tensor contained a CompressedElement, so the pointer is actually nullptr.
Patches
We have patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37649"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-23T21:14:27Z",
"nvd_published_at": "2021-08-12T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference: \n\n```python\nimport tensorflow as tf\n\ndata = tf.data.Dataset.from_tensors([0.0])\ntf.raw_ops.UncompressElement(\n compressed=tf.data.experimental.to_variant(data),\n output_types=[tf.int64],\n output_shapes=[2])\n```\n \nThe [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a `CompressedElement` from a `Variant` tensor and then proceeds to dereference it for decompressing. There is no check that the `Variant` tensor contained a `CompressedElement`, so the pointer is actually `nullptr`.\n\n### Patches\nWe have patched the issue in GitHub commit [7bdf50bb4f5c54a4997c379092888546c97c3ebd](https://github.com/tensorflow/tensorflow/commit/7bdf50bb4f5c54a4997c379092888546c97c3ebd).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-6gv8-p3vj-pxvr",
"modified": "2024-11-13T17:23:51Z",
"published": "2021-08-25T14:43:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gv8-p3vj-pxvr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37649"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/7bdf50bb4f5c54a4997c379092888546c97c3ebd"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-562.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-760.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-271.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Null pointer dereference in `UncompressElement`"
}
GHSA-6GX3-9944-XMMR
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-25 18:30In the Linux kernel, the following vulnerability has been resolved:
ASoC: soc-pcm: Add NULL check in BE reparenting
Add NULL check in dpcm_be_reparent API, to handle kernel NULL pointer dereference error. The issue occurred in fuzzing test.
{
"affected": [],
"aliases": [
"CVE-2022-48992"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-pcm: Add NULL check in BE reparenting\n\nAdd NULL check in dpcm_be_reparent API, to handle\nkernel NULL pointer dereference error.\nThe issue occurred in fuzzing test.",
"id": "GHSA-6gx3-9944-xmmr",
"modified": "2024-10-25T18:30:48Z",
"published": "2024-10-21T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48992"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0760acc2e6598ad4f7bd3662db2d907ef0838139"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34a9796bf0684bfd54e96a142560d560c21c983b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f74b9aa8d58c18927bb9b65dd5ba70a5fd61615"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4dd21a79dbb862d2ebcf9ed90e646416009ff0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db8f91d424fe0ea6db337aca8bc05908bbce1498"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7166d6821c15f3516bcac8ae3f155924da1908c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2ba66d8738584d124aff4e760ed1337f5f6dfb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6f45e538328df9ce66aa61bafee1a5717c4b700"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GX5-FPWH-H99M
Vulnerability from github – Published: 2022-05-14 01:39 – Updated: 2022-05-14 01:39An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2019-6137"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-11T17:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.",
"id": "GHSA-6gx5-fpwh-h99m",
"modified": "2022-05-14T01:39:14Z",
"published": "2022-05-14T01:39:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6137"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/lib60870/issues/39"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6H2G-R5XM-682C
Vulnerability from github – Published: 2022-05-17 00:20 – Updated: 2022-05-17 00:20The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
{
"affected": [],
"aliases": [
"CVE-2017-12803"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-10T02:29:00Z",
"severity": "MODERATE"
},
"details": "The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.",
"id": "GHSA-6h2g-r5xm-682c",
"modified": "2022-05-17T00:20:54Z",
"published": "2022-05-17T00:20:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12803"
},
{
"type": "WEB",
"url": "https://github.com/Matroska-Org/foundation-source/issues/24"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Nov/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.