Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

CVE-2020-24421 (GCVE-0-2020-24421)

Vulnerability from cvelistv5 – Published: 2020-10-21 21:28 – Updated: 2024-09-16 20:07
VLAI
Title
Adobe InDesign 15.1.2 NULL Pointer Dereference Bug
Summary
Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue.
CWE
  • CWE-476 - NULL Pointer Dereference (CWE-476)
Assigner
References
Impacted products
Vendor Product Version
Adobe InDesign Affected: unspecified , ≤ 15.1.2 (custom)
Affected: unspecified , ≤ None (custom)
Create a notification for this product.
Date Public
2020-10-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:12:08.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InDesign",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "15.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-10-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference (CWE-476)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T12:41:39.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
          "ID": "CVE-2020-24421",
          "STATE": "PUBLIC",
          "TITLE": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InDesign",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "15.1.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL Pointer Dereference (CWE-476)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-24421",
    "datePublished": "2020-10-21T21:28:07.197Z",
    "dateReserved": "2020-08-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:07:07.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-17525 (GCVE-0-2020-17525)

Vulnerability from cvelistv5 – Published: 2021-03-17 09:20 – Updated: 2025-02-13 16:27
VLAI
Title
Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Summary
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Severity
No CVSS data available.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Subversion Unaffected: mod_authz_svn 1.10.7
Affected: mod_authz_svn , < 1.14.1 (custom)
Create a notification for this product.
Credits
Thomas Åkesson (simonsoft.se)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:48.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
          },
          {
            "name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Subversion",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "unaffected",
              "version": "mod_authz_svn 1.10.7"
            },
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "mod_authz_svn",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thomas \u00c5kesson (simonsoft.se)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-04T14:01:40.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
        },
        {
          "name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn",
      "workarounds": [
        {
          "lang": "en",
          "value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-17525",
          "STATE": "PUBLIC",
          "TITLE": "Remote unauthenticated denial-of-service in Subversion mod_authz_svn"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Subversion",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "mod_authz_svn",
                            "version_value": "1.14.1"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "mod_authz_svn",
                            "version_value": "1.10.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thomas \u00c5kesson (simonsoft.se)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Subversion\u0027s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476 NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt",
              "refsource": "MISC",
              "url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
            },
            {
              "name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server\u0027s filesystem, rather than from an SVN repository."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-17525",
    "datePublished": "2021-03-17T09:20:14.000Z",
    "dateReserved": "2020-08-12T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:35.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15209 (GCVE-0-2020-15209)

Vulnerability from cvelistv5 – Published: 2020-09-25 18:45 – Updated: 2024-08-04 13:08
VLAI
Title
Null pointer dereference in tensorflow-lite
Summary
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CWE
  • CWE-476 - {"CWE-476":"NULL Pointer Dereference"}
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: < 1.15.4
Affected: >= 2.0.0, < 2.0.3
Affected: >= 2.1.0, < 2.1.2
Affected: >= 2.2.0, < 2.2.1
Affected: >= 2.3.0, < 2.3.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
          },
          {
            "name": "openSUSE-SU-2020:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "{\"CWE-476\":\"NULL Pointer Dereference\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T15:06:17.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
        },
        {
          "name": "openSUSE-SU-2020:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
        }
      ],
      "source": {
        "advisory": "GHSA-qh32-6jjc-qprm",
        "discovery": "UNKNOWN"
      },
      "title": "Null pointer dereference in tensorflow-lite",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15209",
          "STATE": "PUBLIC",
          "TITLE": "Null pointer dereference in tensorflow-lite"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.4"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.3"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.2"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.1"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-476\":\"NULL Pointer Dereference\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
            },
            {
              "name": "openSUSE-SU-2020:1766",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-qh32-6jjc-qprm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15209",
    "datePublished": "2020-09-25T18:45:35.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15204 (GCVE-0-2020-15204)

Vulnerability from cvelistv5 – Published: 2020-09-25 18:46 – Updated: 2024-08-04 13:08
VLAI
Title
Segfault in Tensorflow
Summary
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CWE
  • CWE-476 - {"CWE-476":"NULL Pointer Dereference"}
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: < 1.15.4
Affected: >= 2.0.0, < 2.0.3
Affected: >= 2.1.0, < 2.1.2
Affected: >= 2.2.0, < 2.2.1
Affected: >= 2.3.0, < 2.3.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1"
          },
          {
            "name": "openSUSE-SU-2020:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx-\u003esession_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "{\"CWE-476\":\"NULL Pointer Dereference\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T15:06:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1"
        },
        {
          "name": "openSUSE-SU-2020:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
        }
      ],
      "source": {
        "advisory": "GHSA-q8gv-q7wr-9jf8",
        "discovery": "UNKNOWN"
      },
      "title": "Segfault in Tensorflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15204",
          "STATE": "PUBLIC",
          "TITLE": "Segfault in Tensorflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.4"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.3"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.2"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.1"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx-\u003esession_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-476\":\"NULL Pointer Dereference\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1"
            },
            {
              "name": "openSUSE-SU-2020:1766",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q8gv-q7wr-9jf8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15204",
    "datePublished": "2020-09-25T18:46:02.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15191 (GCVE-0-2020-15191)

Vulnerability from cvelistv5 – Published: 2020-09-25 18:41 – Updated: 2024-08-04 13:08
VLAI
Title
Undefined behavior in Tensorflow
Summary
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
CWE
  • CWE-20 - {"CWE-20":"Improper Input Validation"}
  • CWE-476 - {"CWE-476":"NULL Pointer Dereference"}
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: = 2.2.0
Affected: = 2.3.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr"
          },
          {
            "name": "openSUSE-SU-2020:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "= 2.2.0"
            },
            {
              "status": "affected",
              "version": "= 2.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "{\"CWE-20\":\"Improper Input Validation\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "{\"CWE-476\":\"NULL Pointer Dereference\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T15:06:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr"
        },
        {
          "name": "openSUSE-SU-2020:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
        }
      ],
      "source": {
        "advisory": "GHSA-q8qj-fc9q-cphr",
        "discovery": "UNKNOWN"
      },
      "title": "Undefined behavior in Tensorflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15191",
          "STATE": "PUBLIC",
          "TITLE": "Undefined behavior in Tensorflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "= 2.2.0"
                          },
                          {
                            "version_value": "= 2.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-20\":\"Improper Input Validation\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-476\":\"NULL Pointer Dereference\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr"
            },
            {
              "name": "openSUSE-SU-2020:1766",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q8qj-fc9q-cphr",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15191",
    "datePublished": "2020-09-25T18:41:01.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15190 (GCVE-0-2020-15190)

Vulnerability from cvelistv5 – Published: 2020-09-25 18:35 – Updated: 2024-08-04 13:08
VLAI
Title
Segfault in Tensorflow
Summary
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CWE
  • CWE-20 - {"CWE-20":"Improper Input Validation"}
  • CWE-476 - {"CWE-476":"NULL Pointer Dereference"}
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: < 1.15.4
Affected: >= 2.0.0, < 2.0.3
Affected: >= 2.1.0, < 2.1.2
Affected: >= 2.2.0, < 2.2.1
Affected: >= 2.3.0, < 2.3.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c"
          },
          {
            "name": "openSUSE-SU-2020:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "{\"CWE-20\":\"Improper Input Validation\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "{\"CWE-476\":\"NULL Pointer Dereference\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T15:06:15.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c"
        },
        {
          "name": "openSUSE-SU-2020:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
        }
      ],
      "source": {
        "advisory": "GHSA-4g9f-63rx-5cw4",
        "discovery": "UNKNOWN"
      },
      "title": "Segfault in Tensorflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15190",
          "STATE": "PUBLIC",
          "TITLE": "Segfault in Tensorflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.4"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.3"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.2"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.1"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-20\":\"Improper Input Validation\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-476\":\"NULL Pointer Dereference\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c"
            },
            {
              "name": "openSUSE-SU-2020:1766",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4g9f-63rx-5cw4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15190",
    "datePublished": "2020-09-25T18:35:13.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13583 (GCVE-0-2020-13583)

Vulnerability from cvelistv5 – Published: 2021-02-10 21:39 – Updated: 2024-08-04 12:25
VLAI
Summary
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
n/a Micrium Affected: Micrium uC-HTTP 3.01.00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Micrium",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Micrium uC-HTTP 3.01.00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T21:39:22.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-13583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Micrium",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Micrium uC-HTTP 3.01.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.6,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476: NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1194",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13583",
    "datePublished": "2021-02-10T21:39:22.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:25:16.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13578 (GCVE-0-2020-13578)

Vulnerability from cvelistv5 – Published: 2021-02-10 00:00 – Updated: 2024-11-19 15:27
VLAI
Summary
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
n/a Genivia Affected: Genivia gSOAP 2.8.107
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189"
          },
          {
            "name": "FEDORA-2021-faea36a9c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
          },
          {
            "name": "FEDORA-2021-1da151722e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
          },
          {
            "name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-13578",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:27:38.018418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:27:47.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Genivia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Genivia gSOAP 2.8.107"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:06:12.445Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189"
        },
        {
          "name": "FEDORA-2021-faea36a9c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
        },
        {
          "name": "FEDORA-2021-1da151722e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
        },
        {
          "name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13578",
    "datePublished": "2021-02-10T00:00:00.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-11-19T15:27:47.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13577 (GCVE-0-2020-13577)

Vulnerability from cvelistv5 – Published: 2021-02-10 00:00 – Updated: 2024-08-04 12:25
VLAI
Summary
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
n/a Genivia Affected: Genivia gSOAP 2.8.107
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:15.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188"
          },
          {
            "name": "FEDORA-2021-faea36a9c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
          },
          {
            "name": "FEDORA-2021-1da151722e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
          },
          {
            "name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Genivia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Genivia gSOAP 2.8.107"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:06:18.029Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188"
        },
        {
          "name": "FEDORA-2021-faea36a9c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/"
        },
        {
          "name": "FEDORA-2021-1da151722e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/"
        },
        {
          "name": "[debian-lts-announce] 20240229 [SECURITY] [DLA 3745-1] gsoap security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13577",
    "datePublished": "2021-02-10T00:00:00.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:25:15.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13575 (GCVE-0-2020-13575)

Vulnerability from cvelistv5 – Published: 2021-02-10 20:01 – Updated: 2025-02-13 16:27
VLAI
Summary
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
Genivia gSOAP Affected: 2.8.107
Create a notification for this product.
Credits
Discovered by a member of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186",
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-13575",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:28:47.758899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:29:00.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gSOAP",
          "vendor": "Genivia",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.107"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by a member of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:06:14.766Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13575",
    "datePublished": "2021-02-10T20:01:25.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:27.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.