Common Weakness Enumeration

CWE-822

Allowed

Untrusted Pointer Dereference

Abstraction: Base · Status: Incomplete

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

380 vulnerabilities reference this CWE, most recent first.

GHSA-J65Q-5X75-RJWV

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:21Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-j65q-5x75-rjwv",
  "modified": "2026-06-09T18:30:50Z",
  "published": "2026-06-09T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45471"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J75R-7P56-J76J

Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30
VLAI
Details

Windows Fax Service Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T17:15:47Z",
    "severity": "HIGH"
  },
  "details": "Windows Fax Service Remote Code Execution Vulnerability",
  "id": "GHSA-j75r-7p56-j76j",
  "modified": "2024-07-09T18:30:52Z",
  "published": "2024-07-09T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38104"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J76C-QGQ3-WXC9

Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:38
VLAI
Details

Memory corruption due to untrusted pointer dereference in automotive during system call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21643"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T10:15:13Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption due to untrusted pointer dereference in automotive during system call.",
  "id": "GHSA-j76c-qgq3-wxc9",
  "modified": "2024-04-04T06:38:09Z",
  "published": "2023-08-08T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21643"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JF4Q-23F7-4MP3

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Windows Message Queuing Client (MSMQC) Information Disclosure

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Windows Message Queuing Client (MSMQC) Information Disclosure",
  "id": "GHSA-jf4q-23f7-4mp3",
  "modified": "2024-01-09T18:30:28Z",
  "published": "2024-01-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20663"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20663"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JFX8-97FX-6VFQ

Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32
VLAI
Details

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T17:16:33Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-jfx8-97fx-6vfq",
  "modified": "2025-03-11T18:32:18Z",
  "published": "2025-03-11T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24084"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH2H-9MJQ-3GVM

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Microsoft Message Queuing Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Message Queuing Information Disclosure Vulnerability",
  "id": "GHSA-jh2h-9mjq-3gvm",
  "modified": "2024-01-09T18:30:28Z",
  "published": "2024-01-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20664"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQRQ-GQWG-R8R5

Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2025-10-22 00:32
VLAI
Details

Windows Kernel Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T18:15:49Z",
    "severity": "HIGH"
  },
  "details": "Windows Kernel Elevation of Privilege Vulnerability",
  "id": "GHSA-jqrq-gqwg-r8r5",
  "modified": "2025-10-22T00:32:59Z",
  "published": "2024-02-13T18:38:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21338"
    },
    {
      "type": "WEB",
      "url": "https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338"
    },
    {
      "type": "WEB",
      "url": "https://packetstorm.news/files/id/190586"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21338"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/52275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JR5X-W373-QC62

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:04:34Z",
    "severity": "HIGH"
  },
  "details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability",
  "id": "GHSA-jr5x-w373-qc62",
  "modified": "2024-12-12T03:33:05Z",
  "published": "2024-12-12T03:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49090"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRVW-38HM-3W72

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31
VLAI
Details

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T18:16:23Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-jrvw-38hm-3w72",
  "modified": "2026-01-13T18:31:11Z",
  "published": "2026-01-13T18:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20955"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20955"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWQC-67J9-28CM

Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31
VLAI
Details

Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T17:15:50Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-jwqc-67j9-28cm",
  "modified": "2025-09-09T18:31:19Z",
  "published": "2025-09-09T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53801"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53801"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.