CWE-690
DiscouragedUnchecked Return Value to NULL Pointer Dereference
Abstraction: Compound · Status: Draft
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
53 vulnerabilities reference this CWE, most recent first.
GHSA-CXVJ-JX5H-9XF2
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.
{
"affected": [],
"aliases": [
"CVE-2022-22231"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T03:15:00Z",
"severity": "HIGH"
},
"details": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.",
"id": "GHSA-cxvj-jx5h-9xf2",
"modified": "2022-10-18T12:00:30Z",
"published": "2022-10-18T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22231"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F329-HQH6-8QMX
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-21 19:01An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.
{
"affected": [],
"aliases": [
"CVE-2022-22233"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T03:15:00Z",
"severity": "MODERATE"
},
"details": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having \"S\" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.",
"id": "GHSA-f329-hqh6-8qmx",
"modified": "2022-10-21T19:01:13Z",
"published": "2022-10-18T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22233"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69887"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQVQ-M9FF-5V4W
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-18 15:30Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-23915"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:12Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-fqvq-m9ff-5v4w",
"modified": "2024-09-18T15:30:49Z",
"published": "2024-09-18T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23915"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23915"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FRP9-2V6R-GJ97
Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 16:06The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.110"
},
"package": {
"ecosystem": "npm",
"name": "hummus"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.111"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25885"
],
"database_specific": {
"cwe_ids": [
"CWE-690"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T21:55:25Z",
"nvd_published_at": "2022-11-01T05:15:00Z",
"severity": "HIGH"
},
"details": "The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.",
"id": "GHSA-frp9-2v6r-gj97",
"modified": "2022-11-02T16:06:48Z",
"published": "2022-11-01T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25885"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/issues/439"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/issues/188"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "muhammara and hummus vulnerable to null pointer dereference on bad response object"
}
GHSA-HG6R-RCQM-2M8J
Vulnerability from github – Published: 2025-11-25 18:32 – Updated: 2025-11-25 18:32NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-33192"
],
"database_specific": {
"cwe_ids": [
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-25T18:15:50Z",
"severity": "MODERATE"
},
"details": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.",
"id": "GHSA-hg6r-rcqm-2m8j",
"modified": "2025-11-25T18:32:22Z",
"published": "2025-11-25T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33192"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J298-GGFF-CVM8
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-18 15:30Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-23916"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:12Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-j298-ggff-cvm8",
"modified": "2024-09-18T15:30:49Z",
"published": "2024-09-18T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23916"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23916"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-M9W6-R7MG-6GQQ
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31167"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:13Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack13.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-m9w6-r7mg-6gqq",
"modified": "2024-09-20T21:31:38Z",
"published": "2024-09-18T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31167"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31167"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P22P-4GP5-HQW7
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-18 15:30Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31164"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:12Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-p22p-4gp5-hqw7",
"modified": "2024-09-18T15:30:49Z",
"published": "2024-09-18T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31164"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PCW9-JCMV-XQQQ
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack10.
This issue affects libfluid: 0.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-31182"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T14:15:16Z",
"severity": "MODERATE"
},
"details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0.",
"id": "GHSA-pcw9-jcmv-xqqq",
"modified": "2024-09-20T21:31:39Z",
"published": "2024-09-18T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31182"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RCRX-FPJP-MFRW
Vulnerability from github – Published: 2022-11-02 18:10 – Updated: 2022-11-02 18:10Impact
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.
Patches
It has been patched in 2.6.0 for muhammara and not at all for hummus
Workarounds
Do not process files from untrusted sources
References
PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293
Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892
The difference is one is in src/deps/PDFWriter/PDFParser.cpp and the other is PDFDocumentHandler.cpp both is a null pointer but for different cases These are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "hummus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.111"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39381"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-02T18:10:47Z",
"nvd_published_at": "2022-11-02T15:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.\n\n### Patches\nIt has been patched in 2.6.0 for muhammara and not at all for hummus\n\n### Workarounds\nDo not process files from untrusted sources\n\n### References\nPR: https://github.com/julianhille/MuhammaraJS/pull/194\nIssue: https://github.com/julianhille/MuhammaraJS/issues/191\nIssue in hummus: https://github.com/galkahana/HummusJS/issues/293\n\n### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892\n\nThe difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee7596457b1ef2) both is a null pointer but for different cases\nThese are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent. ",
"id": "GHSA-rcrx-fpjp-mfrw",
"modified": "2022-11-02T18:10:47Z",
"published": "2022-11-02T18:10:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/issues/293"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/issues/191"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/pull/194"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.