Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-HJHF-9J6X-5777

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31
VLAI
Details

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T18:16:17Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.",
  "id": "GHSA-hjhf-9j6x-5777",
  "modified": "2026-01-13T18:31:10Z",
  "published": "2026-01-13T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20875"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20875"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJMV-HQM5-66XP

Vulnerability from github – Published: 2022-05-17 00:29 – Updated: 2022-05-17 00:29
VLAI
Details

p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-06T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().",
  "id": "GHSA-hjmv-hqm5-66xp",
  "modified": "2022-05-17T00:29:01Z",
  "published": "2022-05-17T00:29:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15056"
    },
    {
      "type": "WEB",
      "url": "https://github.com/upx/upx/issues/128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJPQ-CMQM-X5P7

Vulnerability from github – Published: 2022-05-14 01:05 – Updated: 2022-05-14 01:05
VLAI
Details

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-02T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.",
  "id": "GHSA-hjpq-cmqm-x5p7",
  "modified": "2022-05-14T01:05:48Z",
  "published": "2022-05-14T01:05:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14977"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJR5-PR64-8MC2

Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2024-12-16 18:31
VLAI
Details

A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-hjr5-pr64-8mc2",
  "modified": "2024-12-16T18:31:09Z",
  "published": "2024-12-16T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12656"
    },
    {
      "type": "WEB",
      "url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220448-NPD-DOS-15160437bb1e80cb837cd715680be6ea"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.288525"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.288525"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.456030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HJRF-48VM-FQ22

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vxlan: check vxlan_vnigroup_init() return value

vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot.

Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167] CPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912 Code: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00 RSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb RDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18 RBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000 R13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000 FS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942 unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824 unregister_netdevice_many net/core/dev.c:11866 [inline] unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736 register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901 __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981 vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407 rtnl_newlink_create net/core/rtnetlink.c:3795 [inline] __rtnl_newlink net/core/rtnetlink.c:3906 [inline]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS:  00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n  unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n  unregister_netdevice_many net/core/dev.c:11866 [inline]\n  unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n  register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n  __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n  vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n  rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n  __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
  "id": "GHSA-hjrf-48vm-fq22",
  "modified": "2025-11-03T21:33:01Z",
  "published": "2025-02-27T03:34:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21790"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3215f5aafc49aaa993991633833854694e73b439"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5805402dcc56241987bca674a1b4da79a249bab7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79aea5e55156c87dc570e43fcd8bba01b9d6ab3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a303649b99b64858d62ce7428125d8e71675d2b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e860f847787fbbf0d8dacd638c019c7c3d4a9bd3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJV6-9PR5-J6W8

Vulnerability from github – Published: 2026-06-10 06:30 – Updated: 2026-06-15 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-10T04:17:14Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later",
  "id": "GHSA-hjv6-9pr5-j6w8",
  "modified": "2026-06-15T21:30:26Z",
  "published": "2026-06-10T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66281"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-26-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HJWP-9P4P-7CGX

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.",
  "id": "GHSA-hjwp-9p4p-7cgx",
  "modified": "2022-05-24T17:47:31Z",
  "published": "2022-05-24T17:47:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3463"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-59174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HM27-9G63-W87W

Vulnerability from github – Published: 2023-07-24 18:30 – Updated: 2023-12-04 15:31
VLAI
Details

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-24T16:15:11Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
  "id": "GHSA-hm27-9g63-w87w",
  "modified": "2023-12-04T15:31:54Z",
  "published": "2023-07-24T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32248"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-32248"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219818"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230915-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM2G-J35V-6VXH

Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-11-07 21:31
VLAI
Details

Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T14:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale).",
  "id": "GHSA-hm2g-j35v-6vxh",
  "modified": "2024-11-07T21:31:37Z",
  "published": "2024-04-10T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23083"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/LLM4IG/624598834f6699e3617d47c675227e97"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MenoData/Time4J"
    },
    {
      "type": "WEB",
      "url": "http://time4j.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM4C-83CP-Q77M

Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2026-06-26 00:31
VLAI
Details

A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T15:16:03Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.",
  "id": "GHSA-hm4c-83cp-q77m",
  "modified": "2026-06-26T00:31:59Z",
  "published": "2025-03-27T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31179"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-31179"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355340"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/gnuplot/bugs/2779"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.