CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-GP8Q-5M2C-VPRM
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.
{
"affected": [],
"aliases": [
"CVE-2021-0209"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-15T18:15:00Z",
"severity": "MODERATE"
},
"details": "In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.",
"id": "GHSA-gp8q-5m2c-vprm",
"modified": "2022-05-24T17:39:20Z",
"published": "2022-05-24T17:39:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0209"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11099"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GPCG-G8XF-6PR7
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2011-1814"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-09T19:55:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
"id": "GHSA-gpcg-g8xf-6pr7",
"modified": "2022-05-13T01:26:20Z",
"published": "2022-05-13T01:26:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1814"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67897"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14565"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=79362"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/72784"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44829"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/48129"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GR6M-Q82V-J96H
Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2025-11-04 00:31SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2024-8645"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T10:15:14Z",
"severity": "MODERATE"
},
"details": "SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-gr6m-q82v-j96h",
"modified": "2025-11-04T00:31:23Z",
"published": "2024-09-10T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8645"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19559"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2024-10.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWWJ-P94X-V67C
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-4040"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-01T20:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",
"id": "GHSA-gwwj-p94x-v67c",
"modified": "2022-05-13T01:01:44Z",
"published": "2022-05-13T01:01:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4040"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0713"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX64-JM35-RWVR
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.
{
"affected": [],
"aliases": [
"CVE-2022-34480"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "Within the \u003ccode\u003elg_init()\u003c/code\u003e function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox \u003c 102.",
"id": "GHSA-gx64-jm35-rwvr",
"modified": "2025-04-15T18:31:30Z",
"published": "2022-12-22T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34480"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1454072"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H2X9-6RH9-J45R
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-21 00:00Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.
{
"affected": [],
"aliases": [
"CVE-2021-43030"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T21:15:00Z",
"severity": "LOW"
},
"details": "Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.",
"id": "GHSA-h2x9-6rh9-j45r",
"modified": "2021-12-21T00:00:26Z",
"published": "2021-12-21T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43030"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1587"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H323-GV8M-F26X
Vulnerability from github – Published: 2022-05-01 17:51 – Updated: 2022-05-01 17:51The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
{
"affected": [],
"aliases": [
"CVE-2007-1213"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-04-04T16:19:00Z",
"severity": "HIGH"
},
"details": "The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.",
"id": "GHSA-h323-gv8m-f26x",
"modified": "2022-05-01T17:51:22Z",
"published": "2022-05-01T17:51:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1213"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23276"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1017845"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1215"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H498-WHQR-Q683
Vulnerability from github – Published: 2022-05-17 00:48 – Updated: 2022-05-17 00:48The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
{
"affected": [],
"aliases": [
"CVE-2010-1818"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-31T20:00:00Z",
"severity": "HIGH"
},
"details": "The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.",
"id": "GHSA-h498-whqr-q683",
"modified": "2022-05-17T00:48:03Z",
"published": "2022-05-17T00:48:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1818"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523"
},
{
"type": "WEB",
"url": "https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=69\u0026Itemid=1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/ht4339"
},
{
"type": "WEB",
"url": "http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H4C5-5F4Q-647W
Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
{
"affected": [],
"aliases": [
"CVE-2017-16377"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-09T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.",
"id": "GHSA-h4c5-5f4q-647w",
"modified": "2022-05-17T00:14:45Z",
"published": "2022-05-17T00:14:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16377"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101821"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H632-QVV7-2623
Vulnerability from github – Published: 2023-07-21 21:30 – Updated: 2026-07-01 17:45Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-mw5r-wq2m-397c. This link is maintained to preserve external references.
Original Description
A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "openbabel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T17:45:28Z",
"nvd_published_at": "2023-07-21T21:15:10Z",
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-mw5r-wq2m-397c. This link is maintained to preserve external references.\n\n## Original Description\nA use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-h632-qvv7-2623",
"modified": "2026-07-01T17:45:28Z",
"published": "2023-07-21T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42885"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1668"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Open Babel has uninitialized pointer dereference in GRO residue parser",
"withdrawn": "2026-07-01T17:45:28Z"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.