CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-7HPX-3FCF-FXR2
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-06 18:31In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain
The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NULL dereference occurred. Also, there is potential memleak since there is no lock around domain->qi_batch allocation.
To solve it, add a helper for qi_batch allocation, and call it in both the __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().
BUG: kernel NULL pointer dereference, address: 0000000000000200 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8104795067 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632 Call Trace: ? __die+0x24/0x70 ? page_fault_oops+0x80/0x150 ? do_user_addr_fault+0x63/0x7b0 ? exc_page_fault+0x7c/0x220 ? asm_exc_page_fault+0x26/0x30 ? cache_tag_flush_range_np+0x13c/0x260 intel_iommu_iotlb_sync_map+0x1a/0x30 iommu_map+0x61/0xf0 batch_to_domain+0x188/0x250 iopt_area_fill_domains+0x125/0x320 ? rcu_is_watching+0x11/0x50 iopt_map_pages+0x63/0x100 iopt_map_common.isra.0+0xa7/0x190 iopt_map_user_pages+0x6a/0x80 iommufd_ioas_map+0xcd/0x1d0 iommufd_fops_ioctl+0x118/0x1c0 __x64_sys_ioctl+0x93/0xc0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x76/0x7e
{
"affected": [],
"aliases": [
"CVE-2024-56668"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix qi_batch NULL pointer with nested parent domain\n\nThe qi_batch is allocated when assigning cache tag for a domain. While\nfor nested parent domain, it is missed. Hence, when trying to map pages\nto the nested parent, NULL dereference occurred. Also, there is potential\nmemleak since there is no lock around domain-\u003eqi_batch allocation.\n\nTo solve it, add a helper for qi_batch allocation, and call it in both\nthe __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000200\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 8104795067 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632\n Call Trace:\n ? __die+0x24/0x70\n ? page_fault_oops+0x80/0x150\n ? do_user_addr_fault+0x63/0x7b0\n ? exc_page_fault+0x7c/0x220\n ? asm_exc_page_fault+0x26/0x30\n ? cache_tag_flush_range_np+0x13c/0x260\n intel_iommu_iotlb_sync_map+0x1a/0x30\n iommu_map+0x61/0xf0\n batch_to_domain+0x188/0x250\n iopt_area_fill_domains+0x125/0x320\n ? rcu_is_watching+0x11/0x50\n iopt_map_pages+0x63/0x100\n iopt_map_common.isra.0+0xa7/0x190\n iopt_map_user_pages+0x6a/0x80\n iommufd_ioas_map+0xcd/0x1d0\n iommufd_fops_ioctl+0x118/0x1c0\n __x64_sys_ioctl+0x93/0xc0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"id": "GHSA-7hpx-3fcf-fxr2",
"modified": "2025-01-06T18:31:00Z",
"published": "2024-12-27T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56668"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74536f91962d5f6af0a42414773ce61e653c10ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffd774c34774fd4cc0e9cf2976595623a6c3a077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HQ3-JM39-M789
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.
{
"affected": [],
"aliases": [
"CVE-2018-17293"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-21T07:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file\u0027s main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.",
"id": "GHSA-7hq3-jm39-m789",
"modified": "2022-05-14T01:57:31Z",
"published": "2022-05-14T01:57:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17293"
},
{
"type": "WEB",
"url": "https://github.com/WAVM/WAVM/issues/110#issuecomment-421764693"
},
{
"type": "WEB",
"url": "https://github.com/WAVM/WAVM/commit/31d670b6489e6d708c3b04b911cdf14ac43d846d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HW6-WGQH-2G44
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
xhci: Fix null pointer dereference in remove if xHC has only one roothub
The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists (one roothub)
This causes a null pointer dereference in reboot for those controllers.
Check that the shared_hcd exists before trying to remove it.
{
"affected": [],
"aliases": [
"CVE-2022-49962"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference in remove if xHC has only one roothub\n\nThe remove path in xhci platform driver tries to remove and put both main\nand shared hcds even if only a main hcd exists (one roothub)\n\nThis causes a null pointer dereference in reboot for those controllers.\n\nCheck that the shared_hcd exists before trying to remove it.",
"id": "GHSA-7hw6-wgqh-2g44",
"modified": "2025-11-14T18:31:23Z",
"published": "2025-06-18T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49962"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a593a62a9e3a25ab4bc37f612e4edec144f7f43"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7081b2f34ff291ada012bd6abacaf7d51c4cf73f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HXH-JJXH-RG67
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
{
"affected": [],
"aliases": [
"CVE-2017-9250"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-28T20:29:00Z",
"severity": "HIGH"
},
"details": "The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.",
"id": "GHSA-7hxh-jjxh-rg67",
"modified": "2022-05-13T01:14:02Z",
"published": "2022-05-13T01:14:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9250"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/1821"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/commit/e58f2880df608652aff7fd35c45b242467ec0e79"
},
{
"type": "WEB",
"url": "https://github.com/zherczeg/jerryscript/commit/03a8c630f015f63268639d3ed3bf82cff6fa77d8"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038413"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7J3M-8G3C-9QQQ
Vulnerability from github – Published: 2022-09-16 21:20 – Updated: 2022-09-19 19:03Impact
When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes.
StatusOr<unsigned> GraphDefImporter::ArgNumType(const NamedAttrList &attrs,
const OpDef::ArgDef &arg_def,
SmallVectorImpl<Type> &types) {
// Check whether a type list attribute is specified.
if (!arg_def.type_list_attr().empty()) {
if (auto v = attrs.get(arg_def.type_list_attr()).dyn_cast<ArrayAttr>()) {
for (Attribute attr : v) {
if (auto dtype = attr.dyn_cast<TypeAttr>()) {
types.push_back(UnrankedTensorType::get(dtype.getValue()));
} else {
return InvalidArgument("Expected '", arg_def.type_list_attr(),
"' to be a list of types");
}
}
return v.size();
}
return NotFound("Type attr not found: ", arg_def.type_list_attr());
}
unsigned num = 1;
// Check whether a number attribute is specified.
if (!arg_def.number_attr().empty()) {
if (auto v = attrs.get(arg_def.number_attr()).dyn_cast<IntegerAttr>()) {
num = v.getValue().getZExtValue();
} else {
return NotFound("Type attr not found: ", arg_def.number_attr());
}
}
// Check for a type or type attribute.
Type dtype;
if (arg_def.type() != DataType::DT_INVALID) {
TF_RETURN_IF_ERROR(ConvertDataType(arg_def.type(), b_, &dtype));
} else if (arg_def.type_attr().empty()) {
return InvalidArgument("Arg '", arg_def.name(),
"' has invalid type and no type attribute");
} else {
if (auto v = attrs.get(arg_def.type_attr()).dyn_cast<TypeAttr>()) {
dtype = v.getValue();
} else {
return NotFound("Type attr not found: ", arg_def.type_attr());
}
}
types.append(num, UnrankedTensorType::get(dtype));
return num;
}
Patches
We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36014"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T21:20:58Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen [`mlir::tfg::TFOp::nameAttr`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) receives null type list attributes, it crashes.\n```cpp\n\nStatusOr\u003cunsigned\u003e GraphDefImporter::ArgNumType(const NamedAttrList \u0026attrs,\n const OpDef::ArgDef \u0026arg_def,\n SmallVectorImpl\u003cType\u003e \u0026types) {\n // Check whether a type list attribute is specified.\n if (!arg_def.type_list_attr().empty()) {\n if (auto v = attrs.get(arg_def.type_list_attr()).dyn_cast\u003cArrayAttr\u003e()) {\n for (Attribute attr : v) {\n if (auto dtype = attr.dyn_cast\u003cTypeAttr\u003e()) {\n types.push_back(UnrankedTensorType::get(dtype.getValue()));\n } else {\n return InvalidArgument(\"Expected \u0027\", arg_def.type_list_attr(),\n \"\u0027 to be a list of types\");\n }\n }\n return v.size();\n }\n return NotFound(\"Type attr not found: \", arg_def.type_list_attr());\n }\n\n unsigned num = 1;\n // Check whether a number attribute is specified.\n if (!arg_def.number_attr().empty()) {\n if (auto v = attrs.get(arg_def.number_attr()).dyn_cast\u003cIntegerAttr\u003e()) {\n num = v.getValue().getZExtValue();\n } else {\n return NotFound(\"Type attr not found: \", arg_def.number_attr());\n }\n }\n\n // Check for a type or type attribute.\n Type dtype;\n if (arg_def.type() != DataType::DT_INVALID) {\n TF_RETURN_IF_ERROR(ConvertDataType(arg_def.type(), b_, \u0026dtype));\n } else if (arg_def.type_attr().empty()) {\n return InvalidArgument(\"Arg \u0027\", arg_def.name(),\n \"\u0027 has invalid type and no type attribute\");\n } else {\n if (auto v = attrs.get(arg_def.type_attr()).dyn_cast\u003cTypeAttr\u003e()) {\n dtype = v.getValue();\n } else {\n return NotFound(\"Type attr not found: \", arg_def.type_attr());\n }\n }\n types.append(num, UnrankedTensorType::get(dtype));\n return num;\n}\n```\n\n\n### Patches\nWe have patched the issue in GitHub commits [3a754740d5414e362512ee981eefba41561a63a6](https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6) and [a0f0b9a21c9270930457095092f558fbad4c03e5](https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n",
"id": "GHSA-7j3m-8g3c-9qqq",
"modified": "2022-09-19T19:03:26Z",
"published": "2022-09-16T21:20:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`"
}
GHSA-7J4G-J46P-8VPH
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:20Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.
{
"affected": [],
"aliases": [
"CVE-2019-17453"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.",
"id": "GHSA-7j4g-j46p-8vph",
"modified": "2024-04-04T02:20:37Z",
"published": "2022-05-24T16:58:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17453"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/436"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/437"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7J4Q-97PW-5P6R
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39598"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-7j4q-97pw-5p6r",
"modified": "2022-05-24T19:15:04Z",
"published": "2022-05-24T19:15:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39598"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/145"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7J73-F8PW-V3WQ
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2025-04-12 13:06An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
{
"affected": [],
"aliases": [
"CVE-2016-9888"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-08T08:59:00Z",
"severity": "MODERATE"
},
"details": "An error within the \"tar_directory_for_file()\" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.",
"id": "GHSA-7j73-f8pw-v3wq",
"modified": "2025-04-12T13:06:58Z",
"published": "2022-05-17T03:21:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9888"
},
{
"type": "WEB",
"url": "https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00016.html"
},
{
"type": "WEB",
"url": "https://secunia.com/advisories/71201"
},
{
"type": "WEB",
"url": "https://secunia.com/secunia_research/2016-17"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94860"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7J74-RQ7M-GR5M
Vulnerability from github – Published: 2024-02-29 03:33 – Updated: 2024-10-28 03:30The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
{
"affected": [],
"aliases": [
"CVE-2023-6247"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T01:42:34Z",
"severity": "MODERATE"
},
"details": "The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.",
"id": "GHSA-7j74-rq7m-gr5m",
"modified": "2024-10-28T03:30:39Z",
"published": "2024-02-29T03:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6247"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-6247"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JF9-HRFM-FHPJ
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
{
"affected": [],
"aliases": [
"CVE-2011-2482"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-06-08T13:05:00Z",
"severity": "HIGH"
},
"details": "A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.",
"id": "GHSA-7jf9-hrfm-fhpj",
"modified": "2022-05-13T01:24:56Z",
"published": "2022-05-13T01:24:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2482"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:1212"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:1813"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2011-2482"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=714867"
},
{
"type": "WEB",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1212.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/08/30/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.