CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
CVE-2022-3104 (GCVE-0-2022-3104)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2025-04-22 15:59{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=4a9800c81d2f34afb66b4b42e0330ae8298019a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:58:48.158231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:59:16.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux 5.16-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=4a9800c81d2f34afb66b4b42e0330ae8298019a2"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3104",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T15:59:16.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3078 (GCVE-0-2022-3078)
Vulnerability from cvelistv5 – Published: 2022-09-01 20:52 – Updated: 2024-08-03 01:00| URL | Tags |
|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=e6a21a14106d9718aa4f8e115b1e474888eeba44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.16-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T20:52:56.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=e6a21a14106d9718aa4f8e115b1e474888eeba44"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-3078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.16-rc6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=e6a21a14106d9718aa4f8e115b1e474888eeba44",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=e6a21a14106d9718aa4f8e115b1e474888eeba44"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3078",
"datePublished": "2022-09-01T20:52:56.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2980 (GCVE-0-2022-2980)
Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-03 00:53- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0259",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea"
},
{
"url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1"
},
{
"name": "FEDORA-2022-b9edf60581",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "6e7b12a5-242c-453d-b39e-9625d563b0ea",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2980",
"datePublished": "2022-08-25T00:00:00.000Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:53:00.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2973 (GCVE-0-2022-2973)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:28 – Updated: 2025-04-16 16:09- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
All , ≤ 1.4
(custom)
Affected: Version 1.5 , < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:16.892261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:09:39.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "All",
"versionType": "custom"
},
{
"lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
"status": "affected",
"version": "Version 1.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:28:44.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
},
"title": "MZ Automation libIEC61850 NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-08T17:00:00.000Z",
"ID": "CVE-2022-2973",
"STATE": "PUBLIC",
"TITLE": "MZ Automation libIEC61850 NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.4"
},
{
"version_affected": "\u003c",
"version_name": "Version 1.5",
"version_value": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
]
},
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2973",
"datePublished": "2022-09-23T15:28:44.503Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:09:39.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2923 (GCVE-0-2022-2923)
Vulnerability from cvelistv5 – Published: 2022-08-22 00:00 – Updated: 2024-08-03 00:53- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0240",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2"
},
{
"url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e"
},
{
"name": "FEDORA-2022-3b33d04743",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "fd3a3ab8-ab0f-452f-afea-8c613e283fd2",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2923",
"datePublished": "2022-08-22T00:00:00.000Z",
"dateReserved": "2022-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:53:00.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2874 (GCVE-0-2022-2874)
Vulnerability from cvelistv5 – Published: 2022-08-18 00:00 – Updated: 2024-08-03 00:52- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79"
},
{
"url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "95f97dfe-247d-475d-9740-b7adc71f4c79",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2874",
"datePublished": "2022-08-18T00:00:00.000Z",
"dateReserved": "2022-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:52:59.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2549 (GCVE-0-2022-2549)
Vulnerability from cvelistv5 – Published: 2022-07-27 14:51 – Updated: 2024-08-03 00:39- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/c93083dc-177c-4ba0-ba8… | x_refsource_CONFIRM |
| https://github.com/gpac/gpac/commit/0102c5d4db7fd… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gpac/gpac",
"vendor": "gpac",
"versions": [
{
"lessThan": "v2.1.0-DEV",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-27T14:51:57.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07"
}
],
"source": {
"advisory": "c93083dc-177c-4ba0-ba83-9d7fb29a5537",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in gpac/gpac",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2549",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in gpac/gpac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpac/gpac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.1.0-DEV"
}
]
}
}
]
},
"vendor_name": "gpac"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537"
},
{
"name": "https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07",
"refsource": "MISC",
"url": "https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07"
}
]
},
"source": {
"advisory": "c93083dc-177c-4ba0-ba83-9d7fb29a5537",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2549",
"datePublished": "2022-07-27T14:51:57.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2547 (GCVE-0-2022-2547)
Vulnerability from cvelistv5 – Published: 2022-08-17 20:06 – Updated: 2025-04-16 16:13- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://industrial.softing.com/fileadmin/psirt/do… | x_refsource_CONFIRM |
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
V1.22
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:57.861751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:29.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:06:38.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2547",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2547",
"datePublished": "2022-08-17T20:06:38.000Z",
"dateReserved": "2022-07-26T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:29.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2476 (GCVE-0-2022-2476)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-08-03 00:39| URL | Tags |
|---|---|
| https://github.com/dbry/WavPack/issues/121 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/121"
},
{
"name": "FEDORA-2022-ca2f721916",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CK45CC7MQ54SHEIJ63PW3HP4BCPTX6QP/"
},
{
"name": "FEDORA-2022-c9c086b06f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMIXZWB3OURGBAEU3T5HQY56BN2ZVLYF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavpack",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-24T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/dbry/WavPack/issues/121"
},
{
"name": "FEDORA-2022-ca2f721916",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CK45CC7MQ54SHEIJ63PW3HP4BCPTX6QP/"
},
{
"name": "FEDORA-2022-c9c086b06f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMIXZWB3OURGBAEU3T5HQY56BN2ZVLYF/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2476",
"datePublished": "2022-07-19T00:00:00.000Z",
"dateReserved": "2022-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:07.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2337 (GCVE-0-2022-2337)
Vulnerability from cvelistv5 – Published: 2022-08-17 20:18 – Updated: 2025-04-16 16:12- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://industrial.softing.com/fileadmin/psirt/do… | x_refsource_CONFIRM |
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
V1.22
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:42.760334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:12:45.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:18:49.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2337",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2337",
"datePublished": "2022-08-17T20:18:49.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:12:45.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.