Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-VWJ2-9G8C-X8HM

Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-22 00:01
VLAI
Details

Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-20T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-vwj2-9g8c-x8hm",
  "modified": "2021-12-22T00:01:28Z",
  "published": "2021-12-21T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43750"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VWM2-MQFJ-R5V5

Vulnerability from github – Published: 2025-03-12 12:30 – Updated: 2025-03-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sockmap, vsock: For connectible sockets allow only connected

sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path.

Another design detail is that listening vsocks are not supposed to have any transport assigned at all. Which implies they are not supported by the sockmap. But this is complicated by the fact that a socket, before switching to TCP_LISTEN, may have had some transport assigned during a failed connect() attempt. Hence, we may end up with a listening vsock in a sockmap, which blows up quickly:

KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127] CPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+ Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:vsock_read_skb+0x4b/0x90 Call Trace: sk_psock_verdict_data_ready+0xa4/0x2e0 virtio_transport_recv_pkt+0x1ca8/0x2acc vsock_loopback_work+0x27d/0x3f0 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x35a/0x700 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30

For connectible sockets, instead of relying solely on the state of vsk->transport, tell sockmap to only allow those representing established connections. This aligns with the behaviour for AF_INET and AF_UNIX.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-12T10:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
  "id": "GHSA-vwm2-mqfj-r5v5",
  "modified": "2025-03-13T21:31:18Z",
  "published": "2025-03-12T12:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21854"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22b683217ad2112791a708693cb236507abd637a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fb5bb169d17cdd12c2dcc2e96830ed487d77a0f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc9a7832ede53ade1ba9991f0e27314caa4029d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7b473e35986835cc2813fef7b9d40336a09247e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWW8-W2QW-QHFG

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-08 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: handle NULL pages in unpin_user_pages()

The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine.

Fix this by skipping NULL pages in unpin_user_pages(), just like unpin_folios() already does.

Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this:

tools/testing/selftests/mm/gup_longterm

...I get the following crash:

BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0 ... Call Trace: ? __die_body+0x66/0xb0 ? page_fault_oops+0x30c/0x3b0 ? do_user_addr_fault+0x6c3/0x720 ? irqentry_enter+0x34/0x60 ? exc_page_fault+0x68/0x100 ? asm_exc_page_fault+0x22/0x30 ? sanity_check_pinned_pages+0x3a/0x2d0 unpin_user_pages+0x24/0xe0 check_and_migrate_movable_pages_or_folios+0x455/0x4b0 __gup_longterm_locked+0x3bf/0x820 ? mmap_read_lock_killable+0x12/0x50 ? __pfx_mmap_read_lock_killable+0x10/0x10 pin_user_pages+0x66/0xa0 gup_test_ioctl+0x358/0xb20 __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: handle NULL pages in unpin_user_pages()\n\nThe recent addition of \"pofs\" (pages or folios) handling to gup has a\nflaw: it assumes that unpin_user_pages() handles NULL pages in the pages**\narray.  That\u0027s not the case, as I discovered when I ran on a new\nconfiguration on my test machine.\n\nFix this by skipping NULL pages in unpin_user_pages(), just like\nunpin_folios() already does.\n\nDetails: when booting on x86 with \"numa=fake=2 movablecore=4G\" on Linux\n6.12, and running this:\n\n    tools/testing/selftests/mm/gup_longterm\n\n...I get the following crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x66/0xb0\n ? page_fault_oops+0x30c/0x3b0\n ? do_user_addr_fault+0x6c3/0x720\n ? irqentry_enter+0x34/0x60\n ? exc_page_fault+0x68/0x100\n ? asm_exc_page_fault+0x22/0x30\n ? sanity_check_pinned_pages+0x3a/0x2d0\n unpin_user_pages+0x24/0xe0\n check_and_migrate_movable_pages_or_folios+0x455/0x4b0\n __gup_longterm_locked+0x3bf/0x820\n ? mmap_read_lock_killable+0x12/0x50\n ? __pfx_mmap_read_lock_killable+0x10/0x10\n pin_user_pages+0x66/0xa0\n gup_test_ioctl+0x358/0xb20\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x7b/0x150\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
  "id": "GHSA-vww8-w2qw-qhfg",
  "modified": "2025-01-08T18:30:47Z",
  "published": "2024-12-27T15:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69d319450d1c651f3b05cd820ff285fdd810c032"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1268be280d8e484ab3606d7476edd0f14bb9961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWWQ-37X8-2QRX

Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-25 18:30
VLAI
Details

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T16:15:36Z",
    "severity": "LOW"
  },
  "details": "glib-networking\u0027s OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.",
  "id": "GHSA-vwwq-37x8-2qrx",
  "modified": "2025-09-25T18:30:34Z",
  "published": "2025-09-25T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60019"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-60019"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398140"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX2J-FJCJ-HV44

Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Revert "drm/gem-dma: Use dma_buf from GEM object instance"

This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.

The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref.

Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated.

Hence, this revert to going back to using .import_attach->dmabuf.

v3: - cc stable

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-dma: Use dma_buf from GEM object instance\"\n\nThis reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance\u0027s lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don\u0027t work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
  "id": "GHSA-vx2j-fjcj-hv44",
  "modified": "2025-11-26T00:30:15Z",
  "published": "2025-08-22T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38672"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1918e79be908b8a2c8757640289bc196c14d928a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7bdb3104a2f71ec1439d37f8e6e2f201dbcd7cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX3C-WW5C-QPM8

Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T19:15:47Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
  "id": "GHSA-vx3c-ww5c-qpm8",
  "modified": "2025-10-08T21:30:24Z",
  "published": "2025-10-03T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52859"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VX56-8X3P-3HVP

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2024-09-30 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: TAS2781: Fix tasdev_load_calibrated_data()

This function has a reversed if statement so it's either a no-op or it leads to a NULL dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it\u0027s either a no-op or it\nleads to a NULL dereference.",
  "id": "GHSA-vx56-8x3p-3hvp",
  "modified": "2024-09-30T15:30:43Z",
  "published": "2024-08-17T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42278"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX7W-47R6-WXW3

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-28 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Drain deferred trigger frees if kthread creation fails

Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback must still drain the deferred list if kthread creation never succeeds.

Otherwise, boot-deferred nodes can accumulate on trigger_data_free_list, later frees fall back to synchronously freeing only the current object, and the older queued entries are leaked forever.

To trigger this, add the following to the kernel command line:

trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon

The second traceon trigger will fail and be freed. This triggers a NULL pointer dereference and crashes the kernel.

Keep the deferred boot-time behavior, but when kthread creation fails, drain the whole queued list synchronously. Do the same in the late-init drain path so queued entries are not stranded there either.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Drain deferred trigger frees if kthread creation fails\n\nBoot-time trigger registration can fail before the trigger-data cleanup\nkthread exists. Deferring those frees until late init is fine, but the\npost-boot fallback must still drain the deferred list if kthread\ncreation never succeeds.\n\nOtherwise, boot-deferred nodes can accumulate on\ntrigger_data_free_list, later frees fall back to synchronously freeing\nonly the current object, and the older queued entries are leaked\nforever.\n\nTo trigger this, add the following to the kernel command line:\n\n  trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon\n\nThe second traceon trigger will fail and be freed. This triggers a NULL\npointer dereference and crashes the kernel.\n\nKeep the deferred boot-time behavior, but when kthread creation fails,\ndrain the whole queued list synchronously. Do the same in the late-init\ndrain path so queued entries are not stranded there either.",
  "id": "GHSA-vx7w-47r6-wxw3",
  "modified": "2026-04-28T12:31:30Z",
  "published": "2026-04-22T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31481"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX8W-4739-F7JM

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00
VLAI
Details

Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-vx8w-4739-f7jm",
  "modified": "2022-03-17T00:00:35Z",
  "published": "2022-03-17T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40742"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXGQ-8374-WQ2X

Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30
VLAI
Details

Memory corruption when processing cmd parameters while parsing vdev.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T03:15:13Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption when processing cmd parameters while parsing vdev.",
  "id": "GHSA-vxgq-8374-wq2x",
  "modified": "2023-12-05T03:30:22Z",
  "published": "2023-12-05T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33088"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.