Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-6PQ3-8569-3687

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-22T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711",
  "id": "GHSA-6pq3-8569-3687",
  "modified": "2022-05-24T19:05:57Z",
  "published": "2022-05-24T19:05:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0555"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6PW8-39HW-QCP8

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

[BUG] Syzbot reported a NULL pointer dereference with the following crash:

FAULT_INJECTION: forcing a failure. start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676 prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642 relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678 ... BTRFS info (device loop0): balance: ended with status: -12 Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667] RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926 Call Trace: commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496 btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430 del_balance_item fs/btrfs/volumes.c:3678 [inline] reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742 btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574 btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

[CAUSE] The allocation failure happens at the start_transaction() inside prepare_to_relocate(), and during the error handling we call unset_reloc_control(), which makes fs_info->balance_ctl to be NULL.

Then we continue the error path cleanup in btrfs_balance() by calling reset_balance_state() which will call del_balance_item() to fully delete the balance item in the root tree.

However during the small window between set_reloc_contrl() and unset_reloc_control(), we can have a subvolume tree update and created a reloc_root for that subvolume.

Then we go into the final btrfs_commit_transaction() of del_balance_item(), and into btrfs_update_reloc_root() inside commit_fs_roots().

That function checks if fs_info->reloc_ctl is in the merge_reloc_tree stage, but since fs_info->reloc_ctl is NULL, it results a NULL pointer dereference.

[FIX] Just add extra check on fs_info->reloc_ctl inside btrfs_update_reloc_root(), before checking fs_info->reloc_ctl->merge_reloc_tree.

That DEAD_RELOC_TREE handling is to prevent further modification to the reloc tree during merge stage, but since there is no reloc_ctl at all, we do not need to bother that.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a NULL pointer dereference when failed to start a new trasacntion\n\n[BUG]\nSyzbot reported a NULL pointer dereference with the following crash:\n\n  FAULT_INJECTION: forcing a failure.\n   start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676\n   prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642\n   relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678\n  ...\n  BTRFS info (device loop0): balance: ended with status: -12\n  Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667]\n  RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926\n  Call Trace:\n   \u003cTASK\u003e\n   commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496\n   btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430\n   del_balance_item fs/btrfs/volumes.c:3678 [inline]\n   reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742\n   btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574\n   btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:907 [inline]\n   __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nThe allocation failure happens at the start_transaction() inside\nprepare_to_relocate(), and during the error handling we call\nunset_reloc_control(), which makes fs_info-\u003ebalance_ctl to be NULL.\n\nThen we continue the error path cleanup in btrfs_balance() by calling\nreset_balance_state() which will call del_balance_item() to fully delete\nthe balance item in the root tree.\n\nHowever during the small window between set_reloc_contrl() and\nunset_reloc_control(), we can have a subvolume tree update and created a\nreloc_root for that subvolume.\n\nThen we go into the final btrfs_commit_transaction() of\ndel_balance_item(), and into btrfs_update_reloc_root() inside\ncommit_fs_roots().\n\nThat function checks if fs_info-\u003ereloc_ctl is in the merge_reloc_tree\nstage, but since fs_info-\u003ereloc_ctl is NULL, it results a NULL pointer\ndereference.\n\n[FIX]\nJust add extra check on fs_info-\u003ereloc_ctl inside\nbtrfs_update_reloc_root(), before checking\nfs_info-\u003ereloc_ctl-\u003emerge_reloc_tree.\n\nThat DEAD_RELOC_TREE handling is to prevent further modification to the\nreloc tree during merge stage, but since there is no reloc_ctl at all,\nwe do not need to bother that.",
  "id": "GHSA-6pw8-39hw-qcp8",
  "modified": "2025-11-04T00:31:40Z",
  "published": "2024-10-21T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49868"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1282f001cbf56e5dd6e90a18e205a566793f4be0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37fee9c220b92c3b7bf22b51c51dde5364e7590b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39356ec0e319ed07627b3a0f402d0608546509e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ad0c5868f2f0418619089513d95230c66cb7eb4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b47f49e83197e8dffd023ec568403bcdbb774b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d13249c0df7aab885acb149695f82c54c0822a70"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d73d48acf36f57362df7e4f9d76568168bf5e944"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc02c1440705e3451abd1c2c8114a5c1bb188e9f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PXX-9RR9-J7H4

Vulnerability from github – Published: 2023-06-06 06:30 – Updated: 2024-04-04 04:33
VLAI
Details

In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T06:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
  "id": "GHSA-6pxx-9rr9-j7h4",
  "modified": "2024-04-04T04:33:02Z",
  "published": "2023-06-06T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48442"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q3C-X5WM-6W9C

Vulnerability from github – Published: 2022-03-12 00:00 – Updated: 2022-03-19 00:01
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-11T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.",
  "id": "GHSA-6q3c-x5wm-6w9c",
  "modified": "2022-03-19T00:01:14Z",
  "published": "2022-03-12T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0907"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/392"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-10"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220506-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5108"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q42-8X5P-5C72

Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2025-11-26 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()

In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could become NULL and that would trigger kernel panic. Since the caller ath12k_dp_tx() already has a valid ab pointer, pass it directly to avoid panic and unnecessary dereferencing.

PC points to "ath12k_dp_tx+0x228/0x988 [ath12k]" LR points to "ath12k_dp_tx+0xc8/0x988 [ath12k]". The Backtrace obtained is as follows: ath12k_dp_tx+0x228/0x988 [ath12k] ath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k] ieee80211_process_measurement_req+0x320/0x348 [mac80211] ieee80211_tx_dequeue+0x9ac/0x1518 [mac80211] ieee80211_tx_dequeue+0xb14/0x1518 [mac80211] ieee80211_tx_prepare_skb+0x224/0x254 [mac80211] ieee80211_xmit+0xec/0x100 [mac80211] __ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211] ieee80211_subif_start_xmit+0x2e8/0x308 [mac80211] netdev_start_xmit+0x150/0x18c dev_hard_start_xmit+0x74/0xc0

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T17:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()\n\nIn ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to\nretrieve the ab pointer. In vdev delete sequence the arvif-\u003ear could\nbecome NULL and that would trigger kernel panic.\nSince the caller ath12k_dp_tx() already has a valid ab pointer, pass it\ndirectly to avoid panic and unnecessary dereferencing.\n\nPC points to \"ath12k_dp_tx+0x228/0x988 [ath12k]\"\nLR points to \"ath12k_dp_tx+0xc8/0x988 [ath12k]\".\nThe Backtrace obtained is as follows:\nath12k_dp_tx+0x228/0x988 [ath12k]\nath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]\nieee80211_process_measurement_req+0x320/0x348 [mac80211]\nieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]\nieee80211_tx_dequeue+0xb14/0x1518 [mac80211]\nieee80211_tx_prepare_skb+0x224/0x254 [mac80211]\nieee80211_xmit+0xec/0x100 [mac80211]\n__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]\nieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]\nnetdev_start_xmit+0x150/0x18c\ndev_hard_start_xmit+0x74/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1",
  "id": "GHSA-6q42-8x5p-5c72",
  "modified": "2025-11-26T18:30:58Z",
  "published": "2025-08-19T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38605"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05062834350f0bf7ad1abcebc2807220e90220eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b508f370f88f277c95e2bd3bc47217a96d668cee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee4f8e7fa578f9f28cef5f409677db25f4f83d7e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q68-7VW9-JPJ7

Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid a NULL pointer dereference

[WHY] Although unlikely drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state() can return NULL.

[HOW] Check returns before dereference.

(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid a NULL pointer dereference\n\n[WHY]\nAlthough unlikely drm_atomic_get_new_connector_state() or\ndrm_atomic_get_old_connector_state() can return NULL.\n\n[HOW]\nCheck returns before dereference.\n\n(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)",
  "id": "GHSA-6q68-7vw9-jpj7",
  "modified": "2026-05-12T15:31:03Z",
  "published": "2025-09-05T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39693"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07b93a5704b0b72002f0c4bd1076214af67dc661"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c1a486cbe6f9cb194e3c4a8ade4af2a642ba165"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36a6b43573d152736eaf2557fe60580dd73e9350"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f860abff89417c0354b6ee5bbca188a233c5762"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c92d12b5cb9d9d88c12ae71794d3a7382fcdec0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f653dd30839eb4f573a7539e90b8a58ff9bedf2f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q93-CJ3X-7Q92

Vulnerability from github – Published: 2022-05-14 01:32 – Updated: 2022-05-14 01:32
VLAI
Details

Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-25T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.",
  "id": "GHSA-6q93-cj3x-7q92",
  "modified": "2022-05-14T01:32:35Z",
  "published": "2022-05-14T01:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QMP-435X-JM84

Vulnerability from github – Published: 2024-06-07 00:30 – Updated: 2024-08-23 21:30
VLAI
Details

robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item-\u003etokens component at /src/conf-parse.c.",
  "id": "GHSA-6qmp-435x-jm84",
  "modified": "2024-08-23T21:30:41Z",
  "published": "2024-06-07T00:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robertdavidgraham/robdns/issues/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QPR-J96R-RH4V

Vulnerability from github – Published: 2022-04-30 18:09 – Updated: 2024-08-02 00:31
VLAI
Details

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-1999-0052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "1998-11-04T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.",
  "id": "GHSA-6qpr-j96r-rh4v",
  "modified": "2024-08-02T00:31:24Z",
  "published": "2022-04-30T18:09:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0052"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1389"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/908"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QV5-C3F6-2JWR

Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55
VLAI
Details

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-25T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.",
  "id": "GHSA-6qv5-c3f6-2jwr",
  "modified": "2022-05-14T00:55:00Z",
  "published": "2022-05-14T00:55:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15855"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2079"
    },
    {
      "type": "WEB",
      "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-05"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3786-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3786-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.