CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-2627-H6Q4-H8XQ
Vulnerability from github – Published: 2025-04-18 15:31 – Updated: 2025-11-06 18:32In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
The function mtk_dp_wait_hpd_asserted() may be called before the
mtk_dp->drm_dev pointer is assigned in mtk_dp_bridge_attach().
Specifically it can be called via this callpath:
- mtk_edp_wait_hpd_asserted
- [panel probe]
- dp_aux_ep_probe
Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_hpd_asserted() to dev_err() to avoid this. Also change the error messages in mtk_dp_parse_capabilities(), which is called by mtk_dp_wait_hpd_asserted().
While touching these prints, also add the error code to them to make future debugging easier.
{
"affected": [],
"aliases": [
"CVE-2025-38240"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T07:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr\n\nThe function mtk_dp_wait_hpd_asserted() may be called before the\n`mtk_dp-\u003edrm_dev` pointer is assigned in mtk_dp_bridge_attach().\nSpecifically it can be called via this callpath:\n - mtk_edp_wait_hpd_asserted\n - [panel probe]\n - dp_aux_ep_probe\n\nUsing \"drm\" level prints anywhere in this callpath causes a NULL\npointer dereference. Change the error message directly in\nmtk_dp_wait_hpd_asserted() to dev_err() to avoid this. Also change the\nerror messages in mtk_dp_parse_capabilities(), which is called by\nmtk_dp_wait_hpd_asserted().\n\nWhile touching these prints, also add the error code to them to make\nfuture debugging easier.",
"id": "GHSA-2627-h6q4-h8xq",
"modified": "2025-11-06T18:32:43Z",
"published": "2025-04-18T15:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38240"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/106a6de46cf4887d535018185ec528ce822d6d84"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13ec849fd2eab808ee8eba2625df7ebea3b85edf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/149a5c38436c229950cf1020992ce65c9549bc19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fda391ef7a701748abd7fa32232981b522c1e07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57a9fb47551b33cde7b76d17c0072c3b394f4620"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-263W-F6FG-V2X5
Vulnerability from github – Published: 2024-09-13 06:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold.
{
"affected": [],
"aliases": [
"CVE-2024-46686"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-13T06:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.",
"id": "GHSA-263w-f6fg-v2x5",
"modified": "2025-11-04T00:31:24Z",
"published": "2024-09-13T06:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46686"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6df57c63c200cd05e085c3b695128260e21959b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a01859dd6aebf826576513850a3b05992809e9d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b902fb78ab21299e4dd1775e7e8d251d5c0735bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2647-7H53-XFQ5
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
sctp: add mutual exclusion in proc_sctp_do_udp_port()
We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace: udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181 sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930 proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553 proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x174/0x240 fs/splice.c:1227 do_sendfile+0xafd/0xe50 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1429 [inline] __se_sys_sendfile64 fs/read_write.c:1415 [inline] __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
{
"affected": [],
"aliases": [
"CVE-2025-22062"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:15:59Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n \u003cTASK\u003e\n udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n do_splice_from fs/splice.c:935 [inline]\n direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n do_splice_direct_actor fs/splice.c:1201 [inline]\n do_splice_direct+0x174/0x240 fs/splice.c:1227\n do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]",
"id": "GHSA-2647-7h53-xfq5",
"modified": "2025-11-03T21:33:36Z",
"published": "2025-04-16T15:34:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22062"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10206302af856791fbcc27a33ed3c3eb09b2793d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/386507cb6fb7cdef598ddcb3f0fa37e6ca9e789d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65ccb2793da7401772a3ffe85355c831b313c59f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3598f53211ba1025485306de2733bdd241311a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3d7675d77622f6ca1aae14c51f80027b36283f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5178bfc55b3a78000f0f8298e7ade88783ce581"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efb8cb487be8f4ba6aaef616011d702d6a083ed1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-265F-V3VF-6M77
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer
The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.
{
"affected": [],
"aliases": [
"CVE-2024-26950"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer-\u003edevice being\ndereferenced. It\u0027s actually easier and faster performance-wise to\ninstead get the device from ctx-\u003ewg. This semantically makes more sense\ntoo, since ctx-\u003ewg-\u003epeer_allowedips.seq is compared with\nctx-\u003eallowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers.",
"id": "GHSA-265f-v3vf-6m77",
"modified": "2026-05-12T12:31:42Z",
"published": "2024-05-01T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26950"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2675-7QGW-HJVX
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-02-28 21:30AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
{
"affected": [],
"aliases": [
"CVE-2018-21015"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is \"cfg_new-\u003eAVCLevelIndication = cfg-\u003eAVCLevelIndication;\" but cfg could be NULL.",
"id": "GHSA-2675-7qgw-hjvx",
"modified": "2023-02-28T21:30:18Z",
"published": "2022-05-24T16:56:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21015"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1179"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-268R-8RWM-MQQ9
Vulnerability from github – Published: 2024-02-22 18:30 – Updated: 2024-11-04 15:31In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read().
ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebi_get_device(), and access gluebi->desc in the gluebi_read(). However, gluebi_get_device() is not executed in advance in the ftl_add_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.
{
"affected": [],
"aliases": [
"CVE-2023-52449"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-22T17:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\n\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n\u2018gluebi-\u003edesc\u2019 in gluebi_read().\n\nubi_gluebi_init\n ubi_register_volume_notifier\n ubi_enumerate_volumes\n ubi_notify_all\n gluebi_notify nb-\u003enotifier_call()\n gluebi_create\n mtd_device_register\n mtd_device_parse_register\n add_mtd_device\n blktrans_notify_add not-\u003eadd()\n ftl_add_mtd tr-\u003eadd_mtd()\n scan_header\n mtd_read\n mtd_read_oob\n mtd_read_oob_std\n gluebi_read mtd-\u003eread()\n gluebi-\u003edesc - NULL\n\nDetailed reproduction information available at the Link [1],\n\nIn the normal case, obtain gluebi-\u003edesc in the gluebi_get_device(),\nand access gluebi-\u003edesc in the gluebi_read(). However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\n\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME.",
"id": "GHSA-268r-8rwm-mqq9",
"modified": "2024-11-04T15:31:51Z",
"published": "2024-02-22T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52449"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2696-454C-76J5
Vulnerability from github – Published: 2022-05-14 03:41 – Updated: 2022-05-14 03:41Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
{
"affected": [],
"aliases": [
"CVE-2018-2384"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-14T12:29:00Z",
"severity": "MODERATE"
},
"details": "Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.",
"id": "GHSA-2696-454c-76j5",
"modified": "2022-05-14T03:41:44Z",
"published": "2022-05-14T03:41:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2384"
},
{
"type": "WEB",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26C8-846H-XFJJ
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39517"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.",
"id": "GHSA-26c8-846h-xfjj",
"modified": "2022-05-24T19:15:11Z",
"published": "2022-05-24T19:15:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39517"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/33"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-26CR-GFXR-8XQ9
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40785"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-26cr-gfxr-8xq9",
"modified": "2022-03-17T00:00:32Z",
"published": "2022-03-17T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40785"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26FH-VR24-Q829
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2016-9628"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-12T02:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"id": "GHSA-26fh-vr24-q829",
"modified": "2022-05-17T03:21:44Z",
"published": "2022-05-17T03:21:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9628"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/issues/39"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.