CWE-690
DiscouragedUnchecked Return Value to NULL Pointer Dereference
Abstraction: Compound · Status: Draft
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
53 vulnerabilities reference this CWE, most recent first.
CVE-2020-6095 (GCVE-0-2020-6095)
Vulnerability from cvelistv5 – Published: 2020-03-27 19:20 – Updated: 2024-08-04 08:47- CWE-690 - Unchecked Return Value to NULL Pointer Dereference
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/202009-05 | vendor-advisoryx_refsource_GENTOO |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
| https://gitlab.freedesktop.org/gstreamer/gst-rtsp… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0535",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
},
{
"name": "GLSA-202009-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202009-05"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GStreamer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GStreamer gst-rtsp-server 1.14.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690: Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T15:15:56.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "openSUSE-SU-2020:0535",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
},
{
"name": "GLSA-202009-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202009-05"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GStreamer",
"version": {
"version_data": [
{
"version_value": "GStreamer gst-rtsp-server 1.14.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-690: Unchecked Return Value to NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0535",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html"
},
{
"name": "GLSA-202009-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202009-05"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6095",
"datePublished": "2020-03-27T19:20:26.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1648 (GCVE-0-2020-1648)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 19:40| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11035 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.2X75-D50.8 18.2X75-D60 , < 18.2X75*
(custom)
Unaffected: 19.4 , < 19.4R1 (custom) Affected: 20.1 , < 20.1R1-S2, 20.1R2 (custom) |
|
| Juniper Networks | Junos OS Evolved |
Unaffected:
19.4-EVO , < 19.4R1-EVO
(custom)
Affected: 20.1-EVO , < 20.1R2-EVO (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70",
"status": "unaffected"
}
],
"lessThan": "18.2X75*",
"status": "affected",
"version": "18.2X75-D50.8 18.2X75-D60",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R1",
"status": "affected"
},
{
"at": "19.4R1-S2, 19.4R2",
"status": "unaffected"
}
],
"lessThan": "19.4R1",
"status": "unaffected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.4R2-S2-EVO",
"status": "unaffected"
}
],
"lessThan": "19.4R1-EVO",
"status": "unaffected",
"version": "19.4-EVO",
"versionType": "custom"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:42.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1648",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50.8 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70"
},
{
"version_affected": "!\u003c",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003e=",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11035",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11035"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1648",
"datePublished": "2020-07-17T18:40:42.272Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:40:10.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-29Q4-GXJQ-RX5C
Vulnerability from github – Published: 2021-02-10 02:31 – Updated: 2021-02-10 01:48Impact
It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.
Patches
The issue was fixed on 0.0.19 version
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.scimono:scimono-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21479"
],
"database_specific": {
"cwe_ids": [
"CWE-59",
"CWE-62",
"CWE-690",
"CWE-74",
"CWE-77",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2021-02-10T01:48:45Z",
"nvd_published_at": "2021-02-09T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nIt is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system.\n\n### Patches\nThe issue was fixed on [0.0.19 version](https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19)",
"id": "GHSA-29q4-gxjq-rx5c",
"modified": "2021-02-10T01:48:45Z",
"published": "2021-02-10T02:31:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21479"
},
{
"type": "WEB",
"url": "https://github.com/SAP/scimono/commit/413b5d75fa94e77876af0e47be76475a23745b80"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Remote Code Execution in SCIMono"
}
GHSA-2MM8-PF66-MCH4
Vulnerability from github – Published: 2023-01-07 21:30 – Updated: 2023-01-12 21:30A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-36646"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-07T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.",
"id": "GHSA-2mm8-pf66-mch4",
"modified": "2023-01-12T21:30:28Z",
"published": "2023-01-07T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36646"
},
{
"type": "WEB",
"url": "https://github.com/MediaArea/ZenLib/pull/119"
},
{
"type": "WEB",
"url": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408"
},
{
"type": "WEB",
"url": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217629"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217629"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2R7V-CMCH-5X26
Vulnerability from github – Published: 2022-12-05 17:37 – Updated: 2022-12-05 17:37Impact
The package muhammara before 2.6.2, from 3.0.0 and before 3.3.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Patches
It has been patched in 3.4.0 and has been backported to 2.6.2 There is no patch for hummus, currently
Workarounds
Do not process files from untrusted sources or update. Replace hummus with muhammara
References
https://github.com/julianhille/MuhammaraJS/pull/235 https://github.com/julianhille/MuhammaraJS/pull/238
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.6.2"
},
"package": {
"ecosystem": "npm",
"name": "hummus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41957"
],
"database_specific": {
"cwe_ids": [
"CWE-690"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T17:37:22Z",
"nvd_published_at": "2022-11-28T15:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe package muhammara before 2.6.2, from 3.0.0 and before 3.3.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.\n\n### Patches\nIt has been patched in 3.4.0 and has been backported to 2.6.2\nThere is no patch for hummus, currently\n\n### Workarounds\nDo not process files from untrusted sources or update.\nReplace hummus with muhammara\n\n### References\nhttps://github.com/julianhille/MuhammaraJS/pull/235\nhttps://github.com/julianhille/MuhammaraJS/pull/238",
"id": "GHSA-2r7v-cmch-5x26",
"modified": "2022-12-05T17:37:22Z",
"published": "2022-12-05T17:37:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-2r7v-cmch-5x26"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41957"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/pull/235"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/pull/238"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference"
}
GHSA-2WMG-Q3RM-P93R
Vulnerability from github – Published: 2026-05-20 06:31 – Updated: 2026-05-20 06:31NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-24160"
],
"database_specific": {
"cwe_ids": [
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-20T04:16:45Z",
"severity": "MODERATE"
},
"details": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.",
"id": "GHSA-2wmg-q3rm-p93r",
"modified": "2026-05-20T06:31:52Z",
"published": "2026-05-20T06:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24160"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24160"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PWX-M3XW-8XJ9
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31175"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:14Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TablePropertiesList::unpack.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-4pwx-m3xw-8xj9",
"modified": "2024-09-20T21:31:38Z",
"published": "2024-09-18T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31175"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4QRV-8QQ4-M334
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterBandList::unpack.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31185"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:16Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterBandList::unpack.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-4qrv-8qq4-m334",
"modified": "2024-09-20T21:31:39Z",
"published": "2024-09-18T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31185"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-876P-P3C7-GGC7
Vulnerability from github – Published: 2024-04-08 21:31 – Updated: 2024-08-01 15:31Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).
{
"affected": [],
"aliases": [
"CVE-2024-23085"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T20:15:08Z",
"severity": "HIGH"
},
"details": "Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).",
"id": "GHSA-876p-p3c7-ggc7",
"modified": "2024-08-01T15:31:37Z",
"published": "2024-04-08T21:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23085"
},
{
"type": "WEB",
"url": "https://gist.github.com/LLM4IG/a4a54fc4abe044976a66af9fffedfc94"
},
{
"type": "WEB",
"url": "https://github.com/mtommila/apfloat"
},
{
"type": "WEB",
"url": "http://apfloat.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9CV5-4WQV-9W94
Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 16:01Impact
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Patches
It has been patched in 3.1.1 and has been backported to 2.6.1 Hummus has a patch in 1.0.111.
Workarounds
Do not process files from untrusted sources or update.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25892 https://github.com/galkahana/HummusJS/issues/463 https://github.com/julianhille/MuhammaraJS/issues/214 https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002 https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51 https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138 https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "hummus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.111"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25892"
],
"database_specific": {
"cwe_ids": [
"CWE-690"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T21:54:15Z",
"nvd_published_at": "2022-11-01T05:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.\n\n### Patches\nIt has been patched in 3.1.1 and has been backported to 2.6.1\nHummus has a patch in 1.0.111.\n\n### Workarounds\nDo not process files from untrusted sources or update.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25892\nhttps://github.com/galkahana/HummusJS/issues/463\nhttps://github.com/julianhille/MuhammaraJS/issues/214\nhttps://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002\nhttps://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51\nhttps://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138\nhttps://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320\n",
"id": "GHSA-9cv5-4wqv-9w94",
"modified": "2022-11-02T16:01:26Z",
"published": "2022-11-01T12:00:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25892"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/issues/463"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/issues/214"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "muhammara and hummus vulnerable to denial of service by NULL pointer dereference"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.