CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-5XWC-MRHX-5G3M
Vulnerability from github – Published: 2021-08-25 14:42 – Updated: 2024-11-13 20:52Impact
An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*:
import tensorflow as tf
tf.raw_ops.MatrixDiagV3(
diagonal=[1,0],
k=[],
num_rows=[1,2,3],
num_cols=[4,5],
padding_value=[],
align='RIGHT_RIGHT')
The implementation has incomplete validation that the value of k is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong:
auto& diag_index = context->input(1);
...
lower_diag_index = diag_index.flat<int32>()(0);
Patches
We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37657"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T13:10:06Z",
"nvd_published_at": "2021-08-12T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.MatrixDiagV3(\n diagonal=[1,0],\n k=[],\n num_rows=[1,2,3],\n num_cols=[4,5],\n padding_value=[],\n align=\u0027RIGHT_RIGHT\u0027)\n``` \n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong:\n\n```cc\n auto\u0026 diag_index = context-\u003einput(1);\n ...\n lower_diag_index = diag_index.flat\u003cint32\u003e()(0);\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f2a673bd34f0d64b8e40a551ac78989d16daad09](https://github.com/tensorflow/tensorflow/commit/f2a673bd34f0d64b8e40a551ac78989d16daad09).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-5xwc-mrhx-5g3m",
"modified": "2024-11-13T20:52:27Z",
"published": "2021-08-25T14:42:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5xwc-mrhx-5g3m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37657"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f2a673bd34f0d64b8e40a551ac78989d16daad09"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-570.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-768.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-279.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Reference binding to nullptr in `MatrixDiagV*` ops"
}
GHSA-62XF-GV4M-H3VC
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-02-25 21:31Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
{
"affected": [],
"aliases": [
"CVE-2026-2805"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T14:16:29Z",
"severity": "CRITICAL"
},
"details": "Invalid pointer in the DOM: Core \u0026 HTML component. This vulnerability affects Firefox \u003c 148.",
"id": "GHSA-62xf-gv4m-h3vc",
"modified": "2026-02-25T21:31:18Z",
"published": "2026-02-24T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2805"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014549"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63XG-2GGR-XJ5W
Vulnerability from github – Published: 2022-05-14 02:28 – Updated: 2025-10-22 00:31Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2015-1770"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-06-10T01:59:00Z",
"severity": "HIGH"
},
"details": "Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Uninitialized Memory Use Vulnerability.\"",
"id": "GHSA-63xg-2ggr-xj5w",
"modified": "2025-10-22T00:31:09Z",
"published": "2022-05-14T02:28:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1770"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1770"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75016"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032523"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64V8-FWW3-5MM3
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-19 00:00AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
{
"affected": [],
"aliases": [
"CVE-2022-31759"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T15:15:00Z",
"severity": "MODERATE"
},
"details": "AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.",
"id": "GHSA-64v8-fww3-5mm3",
"modified": "2022-06-19T00:00:23Z",
"published": "2022-06-14T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31759"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/6"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202206-0000001270350482"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-668C-H8P6-9PP3
Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-49529"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T22:15:26Z",
"severity": "HIGH"
},
"details": "Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-668c-h8p6-9pp3",
"modified": "2025-07-09T00:30:32Z",
"published": "2025-07-09T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49529"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-65.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69HG-2XQ4-4M8V
Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-11-26 21:32An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
{
"affected": [],
"aliases": [
"CVE-2024-24449"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T18:15:27Z",
"severity": "MODERATE"
},
"details": "An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.",
"id": "GHSA-69hg-2xq4-4m8v",
"modified": "2024-11-26T21:32:23Z",
"published": "2024-11-15T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24449"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "https://openairinterface.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6F7G-WJ5X-F3VQ
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-6524"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:39Z",
"severity": "MODERATE"
},
"details": "MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-6f7g-wj5x-f3vq",
"modified": "2026-04-30T09:30:24Z",
"published": "2026-04-30T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6524"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21172"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-37.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FP2-JJV9-Q3W2
Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-12 15:32Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-27158"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T18:15:33Z",
"severity": "HIGH"
},
"details": "Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-6fp2-jjv9-q3w2",
"modified": "2025-03-12T15:32:00Z",
"published": "2025-03-11T18:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27158"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-14.html"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FQW-RH3V-4VPH
Vulnerability from github – Published: 2025-11-21 06:30 – Updated: 2025-11-21 06:30Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2025-13499"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-21T06:15:48Z",
"severity": "HIGH"
},
"details": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service",
"id": "GHSA-6fqw-rh3v-4vph",
"modified": "2025-11-21T06:30:50Z",
"published": "2025-11-21T06:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13499"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6G7C-JV9Q-8PH3
Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:47Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-38223"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-10T14:15:12Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-6g7c-jv9q-8ph3",
"modified": "2024-04-04T06:47:37Z",
"published": "2023-08-10T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38223"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.