Common Weakness Enumeration
CWE-690
DiscouragedUnchecked Return Value to NULL Pointer Dereference
Abstraction: Compound · Status: Draft
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
53 vulnerabilities reference this CWE, most recent first.
CVE-2026-21496 (GCVE-0-2026-21496)
Vulnerability from cvelistv5 – Published: 2026-01-07 17:09 – Updated: 2026-01-07 18:19
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in iccDEV Signature Parser
Summary
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T18:16:28.096423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T18:19:41.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690: Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:09:08.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/381",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/381"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/pull/405",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/405"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d"
}
],
"source": {
"advisory": "GHSA-wj8m-6w77-r4rw",
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in iccDEV Signature Parser"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21496",
"datePublished": "2026-01-07T17:09:08.381Z",
"dateReserved": "2025-12-29T14:34:16.006Z",
"dateUpdated": "2026-01-07T18:19:41.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33192 (GCVE-0-2025-33192)
Vulnerability from cvelistv5 – Published: 2025-11-25 17:58 – Updated: 2025-11-25 20:28
VLAI
EPSS
VEX
Summary
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T20:27:42.162010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:28:19.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"NVIDIA DGX OS"
],
"product": "DGX Spark",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to OTA0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service."
}
],
"value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code Execution, Denial of Service, Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T17:58:53.693Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33192"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33192"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-33192",
"datePublished": "2025-11-25T17:58:53.693Z",
"dateReserved": "2025-04-15T18:51:03.729Z",
"dateUpdated": "2025-11-25T20:28:19.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42329 (GCVE-0-2024-42329)
Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2024-11-27 14:55
VLAI
EPSS
VEX
Title
JS - Crash on unexpected HTTP server response
Summary
The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Date Public
2024-10-30 11:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T14:55:49.394112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:55:58.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.4rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.3rc1",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
}
],
"datePublic": "2024-10-30T11:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u0026gt;error will be NULL and trying to read from it will result in a crash."
}
],
"value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u003eerror will be NULL and trying to read from it will result in a crash."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T12:05:21.915Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-25625"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JS - Crash on unexpected HTTP server response",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2024-42329",
"datePublished": "2024-11-27T12:05:21.915Z",
"dateReserved": "2024-07-30T08:27:36.132Z",
"dateUpdated": "2024-11-27T14:55:58.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42328 (GCVE-0-2024-42328)
Vulnerability from cvelistv5 – Published: 2024-11-27 12:04 – Updated: 2024-11-27 14:56
VLAI
EPSS
VEX
Title
JS - Crash on empty HTTP server response
Summary
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Date Public
2024-10-30 11:49
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T14:56:07.120650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:56:15.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.3rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform"
}
],
"datePublic": "2024-10-30T11:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u0026gt;data in the code below will remain NULL and an attempt to read from it will result in a crash."
}
],
"value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u003edata in the code below will remain NULL and an attempt to read from it will result in a crash."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T12:04:53.864Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-25624"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JS - Crash on empty HTTP server response",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2024-42328",
"datePublished": "2024-11-27T12:04:53.864Z",
"dateReserved": "2024-07-30T08:27:36.132Z",
"dateUpdated": "2024-11-27T14:56:15.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31196 (GCVE-0-2024-31196)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:59 – Updated: 2024-09-18 15:28
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::ActionList::unpack10.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:27:37.117346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:28:32.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::ActionList::unpack10"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;\u003ctt\u003efluid_msg::ActionList::unpack10\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::ActionList::unpack10.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:59:05.532Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31196"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31196",
"datePublished": "2024-09-18T13:59:05.532Z",
"dateReserved": "2024-03-29T08:24:16.652Z",
"dateUpdated": "2024-09-18T15:28:32.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31185 (GCVE-0-2024-31185)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:57 – Updated: 2024-09-18 17:12
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterBandList::unpack.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:11:32.772148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:12:09.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::QueuePropertyList::unpack10"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;fluid_msg::of13::MeterBandList::unpack.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterBandList::unpack.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:57:43.147Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31185"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31185",
"datePublished": "2024-09-18T13:57:43.147Z",
"dateReserved": "2024-03-29T08:24:14.800Z",
"dateUpdated": "2024-09-18T17:12:09.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31182 (GCVE-0-2024-31182)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:57 – Updated: 2024-09-18 15:22
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack10.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:21:28.671567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:22:59.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::QueuePropertyList::unpack10"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;\u003ctt\u003efluid_msg::QueuePropertyList::unpack10\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:57:21.605Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31182",
"datePublished": "2024-09-18T13:57:21.605Z",
"dateReserved": "2024-03-29T08:24:13.203Z",
"dateUpdated": "2024-09-18T15:22:59.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31175 (GCVE-0-2024-31175)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:56 – Updated: 2024-09-18 15:24
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:23:30.997830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:24:02.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::of13::TablePropertiesList::unpack"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;\u003ctt\u003efluid_msg::of13::TablePropertiesList::unpack\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TablePropertiesList::unpack.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:56:26.450Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31175"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31175",
"datePublished": "2024-09-18T13:56:26.450Z",
"dateReserved": "2024-03-29T08:24:13.202Z",
"dateUpdated": "2024-09-18T15:24:02.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31167 (GCVE-0-2024-31167)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:55 – Updated: 2024-09-18 17:22
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:21:41.124790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:22:00.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::QueuePropertyList::unpack13"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;\u003ctt\u003efluid_msg::QueuePropertyList::unpack13\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack13.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:55:08.993Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31167"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31167",
"datePublished": "2024-09-18T13:55:08.993Z",
"dateReserved": "2024-03-29T08:24:11.091Z",
"dateUpdated": "2024-09-18T17:22:00.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31165 (GCVE-0-2024-31165)
Vulnerability from cvelistv5 – Published: 2024-09-18 13:54 – Updated: 2024-09-18 15:24
VLAI
EPSS
VEX
Title
NULL Pointer Dereference in libfluid_msg library
Summary
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack.
This issue affects libfluid: 0.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Open Networking Foundation (ONF) | libfluid |
Affected:
0.1.0
|
|
| open_networking_foundation | libfluid |
Affected:
0.1.0
cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:open_networking_foundation:libfluid:0.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libfluid",
"vendor": "open_networking_foundation",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:24:29.568489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:24:52.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://opennetworkingfoundation.github.io/libfluid/",
"defaultStatus": "unaffected",
"modules": [
"libfluid_msg"
],
"product": "libfluid",
"programRoutines": [
{
"name": "fluid_msg::of13::SetFieldAction::unpack"
}
],
"vendor": "Open Networking Foundation (ONF)",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module).\u003cp\u003e This vulnerability is associated with program routine\u0026nbsp;\u003ctt\u003efluid_msg::of13::SetFieldAction::unpack\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects libfluid: 0.1.0.\u003c/p\u003e"
}
],
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::SetFieldAction::unpack.\n\nThis issue affects libfluid: 0.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:54:49.938Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31165"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in libfluid_msg library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUntil a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Until a software patch which fixes this issue is not released, it is highly recommended to not exposed the vulnerable component inside an untrusted network."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-31165",
"datePublished": "2024-09-18T13:54:49.938Z",
"dateReserved": "2024-03-29T08:24:11.091Z",
"dateUpdated": "2024-09-18T15:24:52.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.