Common Weakness Enumeration

CWE-690

Discouraged

Unchecked Return Value to NULL Pointer Dereference

Abstraction: Compound · Status: Draft

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

53 vulnerabilities reference this CWE, most recent first.

CVE-2020-6095 (GCVE-0-2020-6095)

Vulnerability from cvelistv5 – Published: 2020-03-27 19:20 – Updated: 2024-08-04 08:47
VLAI
Summary
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CWE
  • CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
n/a GStreamer Affected: GStreamer gst-rtsp-server 1.14.5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:47:41.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:0535",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
          },
          {
            "name": "GLSA-202009-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202009-05"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GStreamer",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "GStreamer gst-rtsp-server 1.14.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690: Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T15:15:56.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:0535",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
        },
        {
          "name": "GLSA-202009-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202009-05"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-6095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GStreamer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "GStreamer gst-rtsp-server 1.14.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.5,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-690: Unchecked Return Value to NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2020:0535",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
            },
            {
              "name": "GLSA-202009-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202009-05"
            },
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
            },
            {
              "name": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-6095",
    "datePublished": "2020-03-27T19:20:26.000Z",
    "dateReserved": "2020-01-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:47:41.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1648 (GCVE-0-2020-1648)

Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 19:40
VLAI
Title
Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet
Summary
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
CWE
  • CWE-159 - Failure to Sanitize Special Element
  • CWE-690 - Unchecked Return Value to NULL Pointer Dereference
Assigner
References
URL Tags
https://kb.juniper.net/JSA11035 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 18.2X75-D50.8 18.2X75-D60 , < 18.2X75* (custom)
Unaffected: 19.4 , < 19.4R1 (custom)
Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Evolved Unaffected: 19.4-EVO , < 19.4R1-EVO (custom)
Affected: 20.1-EVO , < 20.1R2-EVO (custom)
Create a notification for this product.
Date Public
2020-07-08 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:29.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70",
                  "status": "unaffected"
                }
              ],
              "lessThan": "18.2X75*",
              "status": "affected",
              "version": "18.2X75-D50.8 18.2X75-D60",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "19.4R1",
                  "status": "affected"
                },
                {
                  "at": "19.4R1-S2, 19.4R2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "19.4R1",
              "status": "unaffected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R1-S2, 20.1R2",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "19.4R2-S2-EVO",
                  "status": "unaffected"
                }
              ],
              "lessThan": "19.4R1-EVO",
              "status": "unaffected",
              "version": "19.4-EVO",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R2-EVO",
              "status": "affected",
              "version": "20.1-EVO",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-07-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-159",
              "description": "CWE-159 Failure to Sanitize Special Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-17T18:40:42.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11035"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11035",
        "defect": [
          "1502327"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
          "ID": "CVE-2020-1648",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D50.8 18.2X75-D60"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "19.4",
                            "version_value": "19.4R1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S2, 19.4R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R1-S2, 20.1R2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS Evolved",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!\u003c",
                            "version_name": "19.4-EVO",
                            "version_value": "19.4R1-EVO"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.4-EVO",
                            "version_value": "19.4R2-S2-EVO"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.1-EVO",
                            "version_value": "20.1R2-EVO"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-159 Failure to Sanitize Special Element"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11035",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11035"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11035",
          "defect": [
            "1502327"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1648",
    "datePublished": "2020-07-17T18:40:42.272Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:40:10.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-29Q4-GXJQ-RX5C

Vulnerability from github – Published: 2021-02-10 02:31 – Updated: 2021-02-10 01:48
VLAI
Summary
Remote Code Execution in SCIMono
Details

Impact

It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.

Patches

The issue was fixed on 0.0.19 version

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.sap.scimono:scimono-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-62",
      "CWE-690",
      "CWE-74",
      "CWE-77",
      "CWE-917"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-10T01:48:45Z",
    "nvd_published_at": "2021-02-09T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nIt is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.\n\n### Patches\nThe issue was fixed on  [0.0.19 version](https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19)",
  "id": "GHSA-29q4-gxjq-rx5c",
  "modified": "2021-02-10T01:48:45Z",
  "published": "2021-02-10T02:31:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21479"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAP/scimono/commit/413b5d75fa94e77876af0e47be76475a23745b80"
    },
    {
      "type": "WEB",
      "url": "https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Remote Code Execution in SCIMono"
}

GHSA-2MM8-PF66-MCH4

Vulnerability from github – Published: 2023-01-07 21:30 – Updated: 2023-01-12 21:30
VLAI
Details

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-07T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.",
  "id": "GHSA-2mm8-pf66-mch4",
  "modified": "2023-01-12T21:30:28Z",
  "published": "2023-01-07T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36646"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MediaArea/ZenLib/pull/119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217629"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217629"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2R7V-CMCH-5X26

Vulnerability from github – Published: 2022-12-05 17:37 – Updated: 2022-12-05 17:37
VLAI
Summary
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
Details

Impact

The package muhammara before 2.6.2, from 3.0.0 and before 3.3.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.

Patches

It has been patched in 3.4.0 and has been backported to 2.6.2 There is no patch for hummus, currently

Workarounds

Do not process files from untrusted sources or update. Replace hummus with muhammara

References

https://github.com/julianhille/MuhammaraJS/pull/235 https://github.com/julianhille/MuhammaraJS/pull/238

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 2.6.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "hummus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-690"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-05T17:37:22Z",
    "nvd_published_at": "2022-11-28T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe package muhammara before 2.6.2, from 3.0.0 and before 3.3.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.\n\n### Patches\nIt has been patched in 3.4.0 and has been backported to 2.6.2\nThere is no patch for hummus, currently\n\n### Workarounds\nDo not process files from untrusted sources or update.\nReplace hummus with muhammara\n\n### References\nhttps://github.com/julianhille/MuhammaraJS/pull/235\nhttps://github.com/julianhille/MuhammaraJS/pull/238",
  "id": "GHSA-2r7v-cmch-5x26",
  "modified": "2022-12-05T17:37:22Z",
  "published": "2022-12-05T17:37:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-2r7v-cmch-5x26"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41957"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/pull/235"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/pull/238"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julianhille/MuhammaraJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference"
}

GHSA-2WMG-Q3RM-P93R

Vulnerability from github – Published: 2026-05-20 06:31 – Updated: 2026-05-20 06:31
VLAI
Details

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T04:16:45Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an  unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.",
  "id": "GHSA-2wmg-q3rm-p93r",
  "modified": "2026-05-20T06:31:52Z",
  "published": "2026-05-20T06:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24160"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24160"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PWX-M3XW-8XJ9

Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack.

This issue affects libfluid: 0.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T14:15:14Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TablePropertiesList::unpack.\n\nThis issue affects libfluid: 0.1.0.",
  "id": "GHSA-4pwx-m3xw-8xj9",
  "modified": "2024-09-20T21:31:38Z",
  "published": "2024-09-18T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31175"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31175"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4QRV-8QQ4-M334

Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterBandList::unpack.

This issue affects libfluid: 0.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T14:15:16Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterBandList::unpack.\n\nThis issue affects libfluid: 0.1.0.",
  "id": "GHSA-4qrv-8qq4-m334",
  "modified": "2024-09-20T21:31:39Z",
  "published": "2024-09-18T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31185"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-876P-P3C7-GGC7

Vulnerability from github – Published: 2024-04-08 21:31 – Updated: 2024-08-01 15:31
VLAI
Details

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).",
  "id": "GHSA-876p-p3c7-ggc7",
  "modified": "2024-08-01T15:31:37Z",
  "published": "2024-04-08T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23085"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/LLM4IG/a4a54fc4abe044976a66af9fffedfc94"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mtommila/apfloat"
    },
    {
      "type": "WEB",
      "url": "http://apfloat.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9CV5-4WQV-9W94

Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 16:01
VLAI
Summary
muhammara and hummus vulnerable to denial of service by NULL pointer dereference
Details

Impact

The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.

Patches

It has been patched in 3.1.1 and has been backported to 2.6.1 Hummus has a patch in 1.0.111.

Workarounds

Do not process files from untrusted sources or update.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25892 https://github.com/galkahana/HummusJS/issues/463 https://github.com/julianhille/MuhammaraJS/issues/214 https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002 https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51 https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138 https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "hummus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.111"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-690"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T21:54:15Z",
    "nvd_published_at": "2022-11-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.\n\n### Patches\nIt has been patched in 3.1.1 and has been backported to 2.6.1\nHummus has a patch in 1.0.111.\n\n### Workarounds\nDo not process files from untrusted sources or update.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25892\nhttps://github.com/galkahana/HummusJS/issues/463\nhttps://github.com/julianhille/MuhammaraJS/issues/214\nhttps://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002\nhttps://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51\nhttps://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138\nhttps://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320\n",
  "id": "GHSA-9cv5-4wqv-9w94",
  "modified": "2022-11-02T16:01:26Z",
  "published": "2022-11-01T12:00:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25892"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/issues/463"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/issues/214"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julianhille/MuhammaraJS"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "muhammara and hummus vulnerable to denial of service by NULL pointer dereference"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.