CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
CVE-2016-9572 (GCVE-0-2016-9572)
Vulnerability from cvelistv5 – Published: 2018-08-01 16:00 – Updated: 2024-08-06 02:50| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201710-26 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/szukw000/openjpeg/commit/7b28b… | x_refsource_CONFIRM |
| https://github.com/uclouvain/openjpeg/issues/863 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.debian.org/security/2017/dsa-3768 | vendor-advisoryx_refsource_DEBIAN |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| http://www.securityfocus.com/bid/109233 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| The OpenJPEG Project | openjpeg |
Affected:
2.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "109233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openjpeg",
"vendor": "The OpenJPEG Project",
"versions": [
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"datePublic": "2016-10-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:31:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201710-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name": "DSA-3768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "109233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109233"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9572",
"datePublished": "2018-08-01T16:00:00.000Z",
"dateReserved": "2016-11-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8626 (GCVE-0-2016-8626)
Vulnerability from cvelistv5 – Published: 2018-07-31 19:00 – Updated: 2024-08-06 02:27| URL | Tags |
|---|---|
| http://tracker.ceph.com/issues/17635 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2815.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94488 | vdb-entryx_refsource_BID |
| http://rhn.redhat.com/errata/RHSA-2016-2816.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2847.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2848.html | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/17635"
},
{
"name": "RHSA-2016:2815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"
},
{
"name": "94488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94488"
},
{
"name": "RHSA-2016:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"
},
{
"name": "RHSA-2016:2847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"
},
{
"name": "RHSA-2016:2848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ceph",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "0.94.9-8"
}
]
}
],
"datePublic": "2016-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/17635"
},
{
"name": "RHSA-2016:2815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"
},
{
"name": "94488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94488"
},
{
"name": "RHSA-2016:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"
},
{
"name": "RHSA-2016:2847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"
},
{
"name": "RHSA-2016:2848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ceph",
"version": {
"version_data": [
{
"version_value": "0.94.9-8"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.3/AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tracker.ceph.com/issues/17635",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/17635"
},
{
"name": "RHSA-2016:2815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"
},
{
"name": "94488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94488"
},
{
"name": "RHSA-2016:2816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"
},
{
"name": "RHSA-2016:2847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"
},
{
"name": "RHSA-2016:2848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8626",
"datePublished": "2018-07-31T19:00:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6561 (GCVE-0-2016-6561)
Vulnerability from cvelistv5 – Published: 2017-03-31 19:00 – Updated: 2024-08-06 01:36- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://www.illumos.org/issues/7483 | x_refsource_CONFIRM |
| https://www.openindiana.org/2016/11/01/cve-2016-6… | x_refsource_CONFIRM |
| https://github.com/illumos/illumos-gate/commit/6d… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98079 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| illumos | osnet-incorporation |
Affected:
proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.illumos.org/issues/7483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799"
},
{
"name": "98079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "osnet-incorporation",
"vendor": "illumos",
"versions": [
{
"status": "affected",
"version": "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933"
}
]
}
],
"datePublic": "2016-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "illumos smbsrv NULL pointer dereference allows system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.illumos.org/issues/7483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799"
},
{
"name": "98079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "osnet-incorporation",
"version": {
"version_data": [
{
"version_value": "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933"
}
]
}
}
]
},
"vendor_name": "illumos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "illumos smbsrv NULL pointer dereference allows system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.illumos.org/issues/7483",
"refsource": "CONFIRM",
"url": "https://www.illumos.org/issues/7483"
},
{
"name": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/",
"refsource": "CONFIRM",
"url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/"
},
{
"name": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799",
"refsource": "CONFIRM",
"url": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799"
},
{
"name": "98079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6561",
"datePublished": "2017-03-31T19:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0757 (GCVE-0-2014-0757)
Vulnerability from cvelistv5 – Published: 2014-01-31 02:00 – Updated: 2025-08-22 22:56| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://secunia.com/advisories/56713 | third-party-advisoryx_refsource_SECUNIA |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01 | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Smart Software Solutions (3S) | CoDeSys Runtime Toolkit |
Affected:
0 , < V2.4.7.44
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01"
},
{
"name": "56713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CoDeSys Runtime Toolkit",
"vendor": "Smart Software Solutions (3S)",
"versions": [
{
"lessThan": "V2.4.7.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Miles"
}
],
"datePublic": "2014-01-30T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSmart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T22:56:09.487Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-030-01"
},
{
"name": "56713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56713"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e3S has produced an update that is available for download from the 3S CODESYS Download page:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.codesys.com/support-training/self-help/downloads-updates.html\"\u003ehttp://www.codesys.com/support-training/self-help/downloads-updates.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePlease contact CODESYS Support for any additional questions concerning the update.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "3S has produced an update that is available for download from the 3S CODESYS Download page:\u00a0 http://www.codesys.com/support-training/self-help/downloads-updates.html \n\n\nPlease contact CODESYS Support for any additional questions concerning the update."
}
],
"source": {
"advisory": "ICSA-14-030-01",
"discovery": "EXTERNAL"
},
"title": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01"
},
{
"name": "56713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0757",
"datePublished": "2014-01-31T02:00:00.000Z",
"dateReserved": "2014-01-02T00:00:00.000Z",
"dateUpdated": "2025-08-22T22:56:09.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4816 (GCVE-0-2010-4816)
Vulnerability from cvelistv5 – Published: 2021-06-22 13:44 – Updated: 2024-08-07 04:02| URL | Tags |
|---|---|
| https://bugs.freebsd.org/bugzilla/show_bug.cgi?id… | x_refsource_MISC |
| https://seclists.org/fulldisclosure/2010/Mar/117 | x_refsource_MISC |
| https://seclists.org/oss-sec/2011/q3/284 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | FreeBSD and OpenBSD ftpd service |
Affected:
FreeBSD 8.0, 6.3 and 4.9, OpenBSD 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2010/Mar/117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q3/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD and OpenBSD ftpd service",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 8.0, 6.3 and 4.9, OpenBSD 4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T13:44:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2010/Mar/117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2011/q3/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD and OpenBSD ftpd service",
"version": {
"version_data": [
{
"version_value": "FreeBSD 8.0, 6.3 and 4.9, OpenBSD 4.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761",
"refsource": "MISC",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"
},
{
"name": "https://seclists.org/fulldisclosure/2010/Mar/117",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2010/Mar/117"
},
{
"name": "https://seclists.org/oss-sec/2011/q3/284",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2011/q3/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4816",
"datePublished": "2021-06-22T13:44:58.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-224G-5GVW-3M56
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-12-07 21:30A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
{
"affected": [],
"aliases": [
"CVE-2020-8002"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-27T05:15:00Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).",
"id": "GHSA-224g-5gvw-3m56",
"modified": "2022-12-07T21:30:29Z",
"published": "2022-05-24T17:07:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8002"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2259-5MCV-W35H
Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2025-11-03 18:31In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function.
{
"affected": [],
"aliases": [
"CVE-2021-44960"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-15T16:15:00Z",
"severity": "MODERATE"
},
"details": "In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function.",
"id": "GHSA-2259-5mcv-w35h",
"modified": "2025-11-03T18:31:10Z",
"published": "2022-02-16T00:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44960"
},
{
"type": "WEB",
"url": "https://github.com/svgpp/svgpp/issues/101"
},
{
"type": "WEB",
"url": "https://github.com/svgpp/svgpp/issues/101.aa"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-228R-WHM8-29MW
Vulnerability from github – Published: 2022-11-19 00:30 – Updated: 2022-11-29 18:30NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-31615"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-19T00:15:00Z",
"severity": "MODERATE"
},
"details": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.",
"id": "GHSA-228r-whm8-29mw",
"modified": "2022-11-29T18:30:19Z",
"published": "2022-11-19T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31615"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22G9-JC7J-7RGJ
Vulnerability from github – Published: 2024-07-30 09:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
{
"affected": [],
"aliases": [
"CVE-2024-42101"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"id": "GHSA-22g9-jc7j-7rgj",
"modified": "2025-11-04T00:31:05Z",
"published": "2024-07-30T09:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42101"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22J6-V8CR-PVVX
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31In the Linux kernel, the following vulnerability has been resolved:
locking/csd_lock: Change csdlock_debug from early_param to __setup
The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and CONFIG_SPARSEMEM_VMEMMAP=n.
With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in static_key_enable() and returns NULL, resulting in a NULL dereference because mem_section is initialized only later in sparse_init().
This is also a problem for powerpc because early_param() functions are invoked earlier than jump_label_init(), also resulting in static_key_enable() failures. These failures cause the warning "static key 'xxx' used before call to jump_label_init()".
Thus, early_param is too early for csd_lock_wait to run static_branch_enable(), so changes it to __setup to fix these.
{
"affected": [],
"aliases": [
"CVE-2022-50091"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/csd_lock: Change csdlock_debug from early_param to __setup\n\nThe csdlock_debug kernel-boot parameter is parsed by the\nearly_param() function csdlock_debug(). If set, csdlock_debug()\ninvokes static_branch_enable() to enable csd_lock_wait feature, which\ntriggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and\nCONFIG_SPARSEMEM_VMEMMAP=n.\n\nWith CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a NULL dereference\nbecause mem_section is initialized only later in sparse_init().\n\nThis is also a problem for powerpc because early_param() functions\nare invoked earlier than jump_label_init(), also resulting in\nstatic_key_enable() failures. These failures cause the warning \"static\nkey \u0027xxx\u0027 used before call to jump_label_init()\".\n\nThus, early_param is too early for csd_lock_wait to run\nstatic_branch_enable(), so changes it to __setup to fix these.",
"id": "GHSA-22j6-v8cr-pvvx",
"modified": "2025-11-18T03:31:13Z",
"published": "2025-06-18T12:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05de9e2e33b1625c71aee69e353fe906dd2be88a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c9b26b0df270d4f9246e483a44686fca951a29c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b480d1e9a8c11ecc1c99dc01814b28e3103bd0a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2cbdbe22b5f190055d2d0ae92e7454479343a30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.