CWE-822
AllowedUntrusted Pointer Dereference
Abstraction: Base · Status: Incomplete
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
380 vulnerabilities reference this CWE, most recent first.
GHSA-QV79-48VX-52FW
Vulnerability from github – Published: 2023-08-03 00:30 – Updated: 2024-02-01 03:30All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
{
"affected": [],
"aliases": [
"CVE-2023-1437"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-02T23:15:10Z",
"severity": "CRITICAL"
},
"details": "All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.",
"id": "GHSA-qv79-48vx-52fw",
"modified": "2024-02-01T03:30:22Z",
"published": "2023-08-03T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1437"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVP3-5PCH-7M77
Vulnerability from github – Published: 2024-01-10 00:30 – Updated: 2024-01-12 21:30AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
{
"affected": [],
"aliases": [
"CVE-2023-34333"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T23:15:08Z",
"severity": "HIGH"
},
"details": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause an\nuntrusted pointer to dereference via a local network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability.\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n",
"id": "GHSA-qvp3-5pch-7m77",
"modified": "2024-01-12T21:30:19Z",
"published": "2024-01-10T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34333"
},
{
"type": "WEB",
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QW3H-RF78-F4G7
Vulnerability from github – Published: 2023-04-22 03:30 – Updated: 2024-04-04 03:38NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2023-0184"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-22T03:15:08Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.",
"id": "GHSA-qw3h-rf78-f4g7",
"modified": "2024-04-04T03:38:20Z",
"published": "2023-04-22T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0184"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QWRX-FP3H-W29G
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-24 15:30Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-62549"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:59Z",
"severity": "HIGH"
},
"details": "Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-qwrx-fp3h-w29g",
"modified": "2025-12-24T15:30:28Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62549"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXF2-GF78-5HGP
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30Win32k Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43636"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T18:15:32Z",
"severity": "HIGH"
},
"details": "Win32k Elevation of Privilege Vulnerability",
"id": "GHSA-qxf2-gf78-5hgp",
"modified": "2024-11-12T18:30:58Z",
"published": "2024-11-12T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43636"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3PX-VHHX-QHQR
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Windows Kernel Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-37979"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:06Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Elevation of Privilege Vulnerability",
"id": "GHSA-r3px-vhhx-qhqr",
"modified": "2024-10-08T18:33:14Z",
"published": "2024-10-08T18:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37979"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37979"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R534-8MPF-F4RR
Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30Memory corruption while performing SCM call with malformed inputs.
{
"affected": [],
"aliases": [
"CVE-2025-27060"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T04:16:45Z",
"severity": "HIGH"
},
"details": "Memory corruption while performing SCM call with malformed inputs.",
"id": "GHSA-r534-8mpf-f4rr",
"modified": "2025-10-09T06:30:24Z",
"published": "2025-10-09T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27060"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5HC-G9J9-F2MF
Vulnerability from github – Published: 2025-04-08 15:31 – Updated: 2025-04-08 15:31An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2025-22464"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T15:15:49Z",
"severity": "MODERATE"
},
"details": "An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.",
"id": "GHSA-r5hc-g9j9-f2mf",
"modified": "2025-04-08T15:31:06Z",
"published": "2025-04-08T15:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22464"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R929-9699-QX4Q
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).
When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart. 'show route ... extensive' is not affected.
This issue affects:
Junos OS:
- all versions before 22.4R3-S8,
- 23.2 versions before 23.2R2-S5,
- 23.4 versions before 23.4R2-S5,
- 24.2 versions before 24.2R2-S2,
- 24.4 versions before 24.4R2;
Junos OS Evolved:
- all versions before 22.4R3-S8-EVO,
- 23.2 versions before 23.2R2-S5-EVO,
- 23.4 versions before 23.4R2-S6-EVO,
- 24.2 versions before 24.2R2-S2-EVO,
- 24.4 versions before 24.4R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2025-59959"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:03Z",
"severity": "MODERATE"
},
"details": "An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nWhen the command \u0027show route \u003c ( receive-protocol | advertising-protocol ) bgp \u003e detail\u0027 is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart.\n\u0027show route ... extensive\u0027 is not affected.\n\n\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S8-EVO,\u00a0\n * 23.2 versions before 23.2R2-S5-EVO,\n * 23.4 versions before 23.4R2-S6-EVO,\n * 24.2 versions before 24.2R2-S2-EVO,\n * 24.4 versions before 24.4R2-EVO.",
"id": "GHSA-r929-9699-qx4q",
"modified": "2026-01-15T21:31:47Z",
"published": "2026-01-15T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59959"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA103148"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RCR5-PJRV-HXH5
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-20811"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:07Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-rcr5-pjrv-hxh5",
"modified": "2026-01-13T18:31:08Z",
"published": "2026-01-13T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20811"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20811"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.