Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-7235-89M6-F4PX

Vulnerability from github – Published: 2026-04-29 20:43 – Updated: 2026-05-08 20:42
VLAI
Summary
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Details

Summary

A remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory access and a full process crash (panic).

Details

The vulnerability is located in the Finite State Machine (FSM) message handling loop in pkg/server/fsm.go. According to RFC 4271, any Path Attribute with the Optional bit set to 0 is treated as "Well-known." If the Type Code is unrecognized, the BGP speaker MUST send a NOTIFICATION message.

In GoBGP v4.3.0, when such an attribute (e.g., Type 0xEE or 0xFF with flags 0x40) is received, the parsing layer identifies the error. However, the logic in recvMessageloop (around Line 1826) does not properly halt execution. It proceeds to reference the body of the parsed message. Because the message was deemed invalid during the initial attribute check, the body pointer is nil, leading to: panic: runtime error: invalid memory address or nil pointer dereference.

This bypasses the intended error-handling mechanism and causes the entire BGP daemon to terminate, rather than just closing the affected session.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xc225e4]

goroutine 50 [running]:
github.com/osrg/gobgp/v4/pkg/server.(*fsmHandler).recvMessageloop(0x19f29bca92c0, {0x10069f0, 0x19f29bc48780}, {0x1014658, 0x19f29bc2a890}, 0x19f29baa0540, 0x19f29bc393b0, 0x19f29bc96cc0?)
        /home/base/Desktop/gobgp/pkg/server/fsm.go:1826 +0xa44
created by github.com/osrg/gobgp/v4/pkg/server.(*fsmHandler).established in goroutine 37
        /home/base/Desktop/gobgp/pkg/server/fsm.go:1916 +0x2d5
exit status 2

PoC

GoBGP Version: v4.3.0 Configure GoBGP with a neighbor (e.g., 192.168.31.195) in passive mode. Establish a standard BGP session (OPEN/KEEPALIVE exchange). Send a specifically crafted UPDATE packet containing an unrecognized Type Code marked as "Well-known" (Optional bit = 0). Payload 1 (Hex):

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00 17                # Length: 23
02                   # Type: UPDATE
00 00                # Withdrawn Routes Length: 0
00 04                # Total Path Attribute Length: 4     
40 EE 00             # Flag: 0x40 (Well-known, Transitive), Type: 0xEE (Unknown), Len: 0

Payload 2 (Hex):

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00 17                # Length: 23
02                   # Type: UPDATE
00 00                # Withdrawn Routes Length: 0
00 04                # Total Path Attribute Length: 4     
40 01 01 00          # IGP Attribute
40 FF 00             # Flag: 0x40 (Well-known, Transitive), Type: 0xFF (Unknown), Len: 0

Impact

This vulnerability affects all GoBGP deployments peering with external or internal speakers. A single malformed UPDATE message from any peer can trigger a nil pointer dereference, causing the GoBGP daemon to panic and crash.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/osrg/gobgp/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T20:43:36Z",
    "nvd_published_at": "2026-05-07T12:16:17Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as \"Well-known,\" the daemon fails to interrupt the message handling flow. This results in an illegal memory access and a full process crash (panic).\n\n### Details\nThe vulnerability is located in the Finite State Machine (FSM) message handling loop in pkg/server/fsm.go.\nAccording to RFC 4271, any Path Attribute with the Optional bit set to 0 is treated as \"Well-known.\" If the Type Code is unrecognized, the BGP speaker MUST send a NOTIFICATION message.\n\nIn GoBGP v4.3.0, when such an attribute (e.g., Type 0xEE or 0xFF with flags 0x40) is received, the parsing layer identifies the error. However, the logic in recvMessageloop (around Line 1826) does not properly halt execution. It proceeds to reference the body of the parsed message. Because the message was deemed invalid during the initial attribute check, the body pointer is nil, leading to:\npanic: runtime error: invalid memory address or nil pointer dereference.\n\nThis bypasses the intended error-handling mechanism and causes the entire BGP daemon to terminate, rather than just closing the affected session.\n\n```\npanic: runtime error: invalid memory address or nil pointer dereference\n[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xc225e4]\n\ngoroutine 50 [running]:\ngithub.com/osrg/gobgp/v4/pkg/server.(*fsmHandler).recvMessageloop(0x19f29bca92c0, {0x10069f0, 0x19f29bc48780}, {0x1014658, 0x19f29bc2a890}, 0x19f29baa0540, 0x19f29bc393b0, 0x19f29bc96cc0?)\n        /home/base/Desktop/gobgp/pkg/server/fsm.go:1826 +0xa44\ncreated by github.com/osrg/gobgp/v4/pkg/server.(*fsmHandler).established in goroutine 37\n        /home/base/Desktop/gobgp/pkg/server/fsm.go:1916 +0x2d5\nexit status 2\n\n```\n\n### PoC\nGoBGP Version: v4.3.0\nConfigure GoBGP with a neighbor (e.g., 192.168.31.195) in passive mode.\nEstablish a standard BGP session (OPEN/KEEPALIVE exchange).\nSend a specifically crafted UPDATE packet containing an unrecognized Type Code marked as \"Well-known\" (Optional bit = 0).\nPayload 1 (Hex):\n```\nFF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF\n00 17                # Length: 23\n02                   # Type: UPDATE\n00 00                # Withdrawn Routes Length: 0\n00 04                # Total Path Attribute Length: 4     \n40 EE 00             # Flag: 0x40 (Well-known, Transitive), Type: 0xEE (Unknown), Len: 0\n```\nPayload 2 (Hex):\n```\nFF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF\n00 17                # Length: 23\n02                   # Type: UPDATE\n00 00                # Withdrawn Routes Length: 0\n00 04                # Total Path Attribute Length: 4     \n40 01 01 00          # IGP Attribute\n40 FF 00             # Flag: 0x40 (Well-known, Transitive), Type: 0xFF (Unknown), Len: 0\n```\n### Impact\nThis vulnerability affects all GoBGP deployments peering with external or internal speakers. A single malformed UPDATE message from any peer can trigger a nil pointer dereference, causing the GoBGP daemon to panic and crash.",
  "id": "GHSA-7235-89m6-f4px",
  "modified": "2026-05-08T20:42:26Z",
  "published": "2026-04-29T20:43:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/osrg/gobgp/security/advisories/GHSA-7235-89m6-f4px"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41642"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/osrg/gobgp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/osrg/gobgp/releases/tag/v4.4.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute"
}

GHSA-7246-CVP4-G68W

Vulnerability from github – Published: 2026-01-27 21:31 – Updated: 2026-01-27 21:31
VLAI
Details

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T19:16:16Z",
    "severity": "LOW"
  },
  "details": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig-\u003edata[] set to a NULL value, leading to a denial of service (application crash).",
  "id": "GHSA-7246-cvp4-g68w",
  "modified": "2026-01-27T21:31:49Z",
  "published": "2026-01-27T21:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/T8049"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7246-M99M-Q4PQ

Vulnerability from github – Published: 2023-12-25 09:30 – Updated: 2024-01-04 00:30
VLAI
Details

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-25T09:15:07Z",
    "severity": "HIGH"
  },
  "details": "OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.",
  "id": "GHSA-7246-m99m-q4pq",
  "modified": "2024-01-04T00:30:20Z",
  "published": "2023-12-25T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38321"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds"
    },
    {
      "type": "WEB",
      "url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-726G-XGHF-35VC

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-10 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access.

If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result NULL pointer access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()\n\nPort is allocated by sas_port_alloc_num() and rphy is allocated by either\nsas_end_device_alloc() or sas_expander_alloc(), all of which may return\nNULL. So we need to check the rphy to avoid possible NULL pointer access.\n\nIf sas_rphy_add() returned with failure, rphy is set to NULL. We would\naccess the rphy in the following lines which would also result NULL pointer\naccess.",
  "id": "GHSA-726g-xghf-35vc",
  "modified": "2025-11-10T18:30:29Z",
  "published": "2025-05-02T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53124"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7278-8HVX-PP94

Vulnerability from github – Published: 2023-07-01 00:30 – Updated: 2025-11-03 21:30
VLAI
Details

A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-30T22:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference issue was discovered in Libtiff\u0027s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.",
  "id": "GHSA-7278-8hvx-pp94",
  "modified": "2025-11-03T21:30:49Z",
  "published": "2023-07-01T00:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2908"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230731-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-728G-23P2-MF29

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: edma: Add some null pointer checks to the edma_probe

devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
  "id": "GHSA-728g-23p2-mf29",
  "modified": "2025-01-27T15:30:56Z",
  "published": "2024-04-03T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26771"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72FP-3VM2-65G5

Vulnerability from github – Published: 2022-05-13 00:01 – Updated: 2022-05-21 00:00
VLAI
Details

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.",
  "id": "GHSA-72fp-3vm2-65g5",
  "modified": "2022-05-21T00:00:36Z",
  "published": "2022-05-13T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30279"
    },
    {
      "type": "WEB",
      "url": "https://advisories.stormshield.eu/2022-015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72P2-5GX4-5XPM

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-30T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",
  "id": "GHSA-72p2-5gx4-5xpm",
  "modified": "2022-05-13T01:31:09Z",
  "published": "2022-05-13T01:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/133"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47KZ5RYWQMBN5DVDITBVRDNDCSFNBJ3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQNIJH5EQV2D6KEFGY2467ZS4I7TZLXP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72V6-VMR5-V9QF

Vulnerability from github – Published: 2024-07-16 12:30 – Updated: 2024-08-21 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: parsers: qcom: Fix kernel panic on skipped partition

In the event of a skipped partition (case when the entry name is empty) the kernel panics in the cleanup function as the name entry is NULL. Rework the parser logic by first checking the real partition number and then allocate the space and set the data for the valid partitions.

The logic was also fundamentally wrong as with a skipped partition, the parts number returned was incorrect by not decreasing it for the skipped partitions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix kernel panic on skipped partition\n\nIn the event of a skipped partition (case when the entry name is empty)\nthe kernel panics in the cleanup function as the name entry is NULL.\nRework the parser logic by first checking the real partition number and\nthen allocate the space and set the data for the valid partitions.\n\nThe logic was also fundamentally wrong as with a skipped partition, the\nparts number returned was incorrect by not decreasing it for the skipped\npartitions.",
  "id": "GHSA-72v6-vmr5-v9qf",
  "modified": "2024-08-21T18:31:26Z",
  "published": "2024-07-16T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48777"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65d003cca335cabc0160d3cd7daa689eaa9dd3cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2995fe23095ceda2dc382fbe057f5e164595548"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb03cb6e03ffd9173e18e5fe87e4e3ce83820453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72W4-CWFC-V6HR

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-05T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.",
  "id": "GHSA-72w4-cwfc-v6hr",
  "modified": "2022-05-13T01:44:17Z",
  "published": "2022-05-13T01:44:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17134"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-02-xml-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.