CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VJJ6-5M9F-WQJW
Vulnerability from github – Published: 2022-05-25 19:23 – Updated: 2022-05-25 19:23A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hyperledger/fabric"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hyperledger/fabric"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43667"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T19:23:25Z",
"nvd_published_at": "2021-11-18T16:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method \u0027forwardToLeader\u0027. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.",
"id": "GHSA-vjj6-5m9f-wqjw",
"modified": "2022-05-25T19:23:25Z",
"published": "2022-05-25T19:23:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43667"
},
{
"type": "WEB",
"url": "https://github.com/hyperledger/fabric/pull/2838/commits/ebf94b10ecc86d3a91619b98befc52277b1e3474"
},
{
"type": "WEB",
"url": "https://github.com/hyperledger/fabric/pull/2844"
},
{
"type": "WEB",
"url": "https://jira.hyperledger.org/browse/FAB-18529"
},
{
"type": "PACKAGE",
"url": "github.com/hyperledger/fabric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "NULL Pointer Dereference in HyperLedger Fabric"
}
GHSA-VJMQ-62R4-4R8M
Vulnerability from github – Published: 2022-05-14 03:29 – Updated: 2022-05-14 03:29In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, lack of address argument validation in qsee_get_tz_app_name() may lead to an untrusted pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2016-10489"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, lack of address argument validation in qsee_get_tz_app_name() may lead to an untrusted pointer dereference.",
"id": "GHSA-vjmq-62r4-4r8m",
"modified": "2022-05-14T03:29:47Z",
"published": "2022-05-14T03:29:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10489"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJRG-P598-42CQ
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
{
"affected": [],
"aliases": [
"CVE-2019-7151"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-29T00:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.",
"id": "GHSA-vjrg-p598-42cq",
"modified": "2022-05-13T01:25:51Z",
"published": "2022-05-13T01:25:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7151"
},
{
"type": "WEB",
"url": "https://github.com/WebAssembly/binaryen/issues/1881"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJXH-723C-34MP
Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-11 21:30A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
{
"affected": [],
"aliases": [
"CVE-2025-48722"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T13:15:52Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.4 ( 2026/01/20 ) and later",
"id": "GHSA-vjxh-723c-34mp",
"modified": "2026-02-11T21:30:38Z",
"published": "2026-02-11T15:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48722"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-26-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VM29-JH4P-X8CP
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix decoder allocation crash
When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxl_port_attach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path.
However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG.
To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.
{
"affected": [],
"aliases": [
"CVE-2022-49895"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix decoder allocation crash\n\nWhen an intermediate port\u0027s decoders have been exhausted by existing\nregions, and creating a new region with the port in question in it\u0027s\nhierarchical path is attempted, cxl_port_attach_region() fails to find a\nport decoder (as would be expected), and drops into the failure / cleanup\npath.\n\nHowever, during cleanup of the region reference, a sanity check attempts\nto dereference the decoder, which in the above case didn\u0027t exist. This\ncauses a NULL pointer dereference BUG.\n\nTo fix this, refactor the decoder allocation and de-allocation into\nhelper routines, and in this \u0027free\u0027 routine, check that the decoder,\n@cxld, is valid before attempting any operations on it.",
"id": "GHSA-vm29-jh4p-x8cp",
"modified": "2025-05-07T15:31:26Z",
"published": "2025-05-01T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49895"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71ee71d7adcba648077997a29a91158d20c40b09"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6813b5610ac53af73edd87a660d23a0511faa47"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM5R-R7Q6-4CWX
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-10 18:30In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups.
This issue dues to the race between smc_smcr_terminate_all() and smc_buf_create().
smc_smcr_terminate_all
smc_buf_create / init / conn->sndbuf_desc = NULL; ...
__smc_lgr_terminate
smc_conn_kill
smc_close_abort
smc_cdc_get_slot_and_msg_send
__softirqentry_text_start
smc_wr_tx_process_cqe
smc_cdc_tx_handler
READ(conn->sndbuf_desc->len);
/* panic dues to NULL sndbuf_desc */
conn->sndbuf_desc = xxx;
This patch tries to fix the issue by always to check the sndbuf_desc before send any cdc msg, to make sure that no null pointer is seen during cqe processing.
{
"affected": [],
"aliases": [
"CVE-2023-53110"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn-\u003esndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn-\u003esndbuf_desc-\u003elen);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn-\u003esndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing.",
"id": "GHSA-vm5r-r7q6-4cwx",
"modified": "2025-11-10T18:30:29Z",
"published": "2025-05-02T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53110"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM7H-X472-77PQ
Vulnerability from github – Published: 2025-11-24 15:30 – Updated: 2025-11-24 15:30NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
{
"affected": [],
"aliases": [
"CVE-2025-65494"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-24T14:15:46Z",
"severity": "HIGH"
},
"details": "NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.",
"id": "GHSA-vm7h-x472-77pq",
"modified": "2025-11-24T15:30:28Z",
"published": "2025-11-24T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65494"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/issues/1745"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/pull/1750"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM87-VMVC-9C38
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. Then, if neigh_suppress is enabled and an ICMPv6 Neighbor Discovery packet reaches the bridge, br_do_suppress_nd() will dereference ipv6_stub->nd_tbl which is NULL, passing it to neigh_lookup(). This causes a kernel NULL pointer dereference.
BUG: kernel NULL pointer dereference, address: 0000000000000268 Oops: 0000 [#1] PREEMPT SMP NOPTI [...] RIP: 0010:neigh_lookup+0x16/0xe0 [...] Call Trace: ? neigh_lookup+0x16/0xe0 br_do_suppress_nd+0x160/0x290 [bridge] br_handle_frame_finish+0x500/0x620 [bridge] br_handle_frame+0x353/0x440 [bridge] __netif_receive_skb_core.constprop.0+0x298/0x1110 __netif_receive_skb_one_core+0x3d/0xa0 process_backlog+0xa0/0x140 __napi_poll+0x2c/0x170 net_rx_action+0x2c4/0x3a0 handle_softirqs+0xd0/0x270 do_softirq+0x3f/0x60
Fix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in the callers. This is in essence disabling NS/NA suppression when IPv6 is disabled.
{
"affected": [],
"aliases": [
"CVE-2026-23381"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n \u003cIRQ\u003e\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
"id": "GHSA-vm87-vmvc-9c38",
"modified": "2026-07-14T15:31:43Z",
"published": "2026-03-25T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23381"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20ef5c25422f97dd09d751e5ae6c18406cdc78e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33dec6f10777d5a8f71c0a200f690da5ae3c2e55"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a894eb5de246d79f13105c55a67381039a24d44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a12cdaa3375f0bd3c8f4e564be7c143529abfe5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5c56e65b685360dd3f2278aeff8c21061feb665"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9d712ccfeef737c0e700a4b5b98f310e07b6b60"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa73deb3b6b730ec280d45b3f423bfa9e17bc122"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5e890630533bdc15b26a34bb8e7ef539bdf1322"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM8W-J6FW-JC7R
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-10 09:31Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process.
Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application.
When performing OCSP response checking for certificates in the verification chain, the code always tries to access the next certificate as the issuer. There is a check for a self-signed certificate. However with the partial chain verification enabled when the chain does not have a self-signed trusted anchor, the issuer will be NULL for the last certificate in the chain. A NULL pointer dereference then happens.
This issue affects only applications which enable both OCSP verification of the certificate chain (X509_V_FLAG_OCSP_RESP_CHECK_ALL) and partial chain verification (X509_V_FLAG_PARTIAL_CHAIN) in the certificate verification. Both flags are disabled by default. For that reason, we have assigned Low severity to the issue.
No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary.
{
"affected": [],
"aliases": [
"CVE-2026-42765"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:07Z",
"severity": "HIGH"
},
"details": "Issue summary: When a partial-chain certificate verification is enabled\ntogether with OCSP response checking for the whole chain, a NULL dereference\nwill happen if the verified chain does not have a self-signed trusted anchor,\ncrashing the process.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to a\nDenial of Service for an application.\n\nWhen performing OCSP response checking for certificates in the verification\nchain, the code always tries to access the next certificate as the issuer.\nThere is a check for a self-signed certificate. However with the partial\nchain verification enabled when the chain does not have a self-signed trusted\nanchor, the issuer will be NULL for the last certificate in the chain. A NULL\npointer dereference then happens.\n\nThis issue affects only applications which enable both OCSP verification\nof the certificate chain (X509_V_FLAG_OCSP_RESP_CHECK_ALL) and partial\nchain verification (X509_V_FLAG_PARTIAL_CHAIN) in the certificate\nverification. Both flags are disabled by default. For that reason, we have\nassigned Low severity to the issue.\n\nNo FIPS modules are affected by this issue as the affected code is outside\nthe OpenSSL FIPS module boundary.",
"id": "GHSA-vm8w-j6fw-jc7r",
"modified": "2026-06-10T09:31:56Z",
"published": "2026-06-09T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42765"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/14340b7fa1d444615486bc137014b064e64ec334"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/eb345da18ce2216b2f3ade9c2bc23e068487fa97"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/14340b7fa1d444615486bc137014b064e64ec334"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/eb345da18ce2216b2f3ade9c2bc23e068487fa97"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260609.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM9P-H4V4-CFQ7
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
{
"affected": [],
"aliases": [
"CVE-2017-4925"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-15T13:29:00Z",
"severity": "MODERATE"
},
"details": "VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.",
"id": "GHSA-vm9p-h4v4-cfq7",
"modified": "2022-05-13T01:04:01Z",
"published": "2022-05-13T01:04:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4925"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100842"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039367"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039368"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.