Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-HW53-4Q7V-6MCG

Vulnerability from github – Published: 2025-06-20 21:32 – Updated: 2025-10-22 21:31
VLAI
Details

brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-20T16:15:29Z",
    "severity": "HIGH"
  },
  "details": "brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.",
  "id": "GHSA-hw53-4q7v-6mcg",
  "modified": "2025-10-22T21:31:18Z",
  "published": "2025-06-20T21:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45331"
    },
    {
      "type": "WEB",
      "url": "https://github.com/branc116/brplot/commit/b90e93a0e0d514d48f38d1584496130fa5fe4fe4"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/QiuYitai/9dd6db6e9dfc03868b9c886b801502ac"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HW98-2857-JGGJ

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-26T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.",
  "id": "GHSA-hw98-2857-jggj",
  "modified": "2022-05-13T01:25:12Z",
  "published": "2022-05-13T01:25:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20481"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2022"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2713"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3865-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWF6-8434-65RV

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-08-27 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix an IS_ERR() vs NULL bug

The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix an IS_ERR() vs NULL bug\n\nThe __get_free_pages() function does not return error pointers it returns\nNULL so fix this condition to avoid a NULL dereference.",
  "id": "GHSA-hwf6-8434-65rv",
  "modified": "2024-08-27T18:31:35Z",
  "published": "2024-06-19T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47601"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWFV-6R5J-7XM3

Vulnerability from github – Published: 2025-08-16 15:30 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate session id and tree id in the compound request

This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So work->sess and work->tcon could be NULL. If secound request in the compound access work->sess or tcon, It cause NULL pointer dereferecing error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T14:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in the compound request\n\nThis patch validate session id and tree id in compound request.\nIf first operation in the compound is SMB2 ECHO request, ksmbd bypass\nsession and tree validation. So work-\u003esess and work-\u003etcon could be NULL.\nIf secound request in the compound access work-\u003esess or tcon, It cause\nNULL pointer dereferecing error.",
  "id": "GHSA-hwfv-6r5j-7xm3",
  "modified": "2025-11-18T18:32:49Z",
  "published": "2025-08-16T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3866"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWG2-4PQ6-P2CF

Vulnerability from github – Published: 2022-11-19 00:30 – Updated: 2022-11-29 18:30
VLAI
Details

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-19T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.",
  "id": "GHSA-hwg2-4pq6-p2cf",
  "modified": "2022-11-29T18:30:19Z",
  "published": "2022-11-19T00:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34665"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWHJ-RR4W-2XMM

Vulnerability from github – Published: 2022-05-14 00:56 – Updated: 2022-05-14 00:56
VLAI
Details

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.",
  "id": "GHSA-hwhj-rr4w-2xmm",
  "modified": "2022-05-14T00:56:21Z",
  "published": "2022-05-14T00:56:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000027"
    },
    {
      "type": "WEB",
      "url": "https://github.com/squid-cache/squid/pull/129/files"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3557-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4059-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4122"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWJ7-VQX3-V4R8

Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12
VLAI
Details

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-15T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.",
  "id": "GHSA-hwj7-vqx3-v4r8",
  "modified": "2022-05-17T00:12:25Z",
  "published": "2022-05-17T00:12:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17701"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWPQ-9G3C-W6V8

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51
VLAI
Details

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-9814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-30T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.",
  "id": "GHSA-hwpq-9g3c-w6v8",
  "modified": "2022-05-17T02:51:57Z",
  "published": "2022-05-17T02:51:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9814"
    },
    {
      "type": "WEB",
      "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=fcced2ba626109d23186282d326427a0fc85fec0"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343470"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWPQ-HMQ9-WJ77

Vulnerability from github – Published: 2026-07-07 13:02 – Updated: 2026-07-07 13:02
VLAI
Summary
ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
Details

Summary

Null pointer dereference (SIGSEGV) in Upsample_6_7::adapt_upsample_6_7() (onnx/version_converter/adapters/upsample_6_7.h:31) when convert_version() processes a model with an Upsample node that has zero inputs. The adapter accesses node->inputs()[0]->sizes() without checking input count. 107-byte PoC crashes on Release build.

This is the same class of bug as the Cast adapter advisory (separate report) but in a different adapter, different file, and different operator.

Details

The Upsample 6→7 adapter validates attributes but not inputs:

// upsample_6_7.h:20-33
void adapt_upsample_6_7(..., Node* node) const {
    ONNX_ASSERTM(
        node->hasAttribute(width_scale_symbol) && node->hasAttribute(height_scale_symbol),
        "...")  // Attribute check PASSES

    auto width_scale = node->f(width_scale_symbol);
    auto height_scale = node->f(height_scale_symbol);

    auto input_shape = node->inputs()[0]->sizes();
    //                 ^^^^^^^^^^^^^^^^^^^^
    //                 OOB when inputs().size() == 0 → SIGSEGV
}

The PoC has an Upsample node at opset 6 with the required width_scale and height_scale attributes but zero inputs. The attribute assertions pass, then node->inputs()[0] on an empty ArrayRef: - Release builds (NDEBUG): bounds-check assertion compiled out → reads garbage pointer → SIGSEGV - Debug builds: assert(Index < Length) at array_ref.h:159 → SIGABRT

An Upsample node with zero inputs passes graphProtoToGraph() because the import code only resolves input names present in the protobuf.

PoC

import base64
import onnx
from onnx import version_converter

poc_b64 = "CAI6YQo8EgFZIghVcHNhbXBsZSoVCgt3aWR0aF9zY2FsZRUAAABAoAEBKhYKDGhlaWdodF9zY2FsZRUAAABAoAEBEgR0ZXN0YhsKAVkSFgoUCAESEAoCCAEKAggBCgIIBAoCCARCBAoAEAY="

model = onnx.load_from_string(base64.b64decode(poc_b64))

# CRASHES — Upsample_6_7 adapter dereferences empty inputs array
version_converter.convert_version(model, 7)  # SIGSEGV

107-byte PoC. Confirmed SIGSEGV on both onnx 1.21.0 (pip) and 1.22.0 (source build).

Impact

Any application that uses onnx.version_converter.convert_version() on untrusted models is vulnerable. This includes model conversion pipelines and tools that auto-upgrade opset versions for compatibility. The crash is unrecoverable (SIGSEGV).

This vulnerability is part of a systemic pattern across multiple version converter adapters. A full audit of all ~45 adapters was performed as part of the fix; eight adapters were found with the same class of unguarded indexed access (cast_9_8, softmax_12_13, softmax_13_12, upsample_6_7, upsample_9_10, group_normalization_20_21, broadcast_forward_compatibility, upsample_9_8) and all have been fixed in PR #7813.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "onnx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.22.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T13:02:10Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nNull pointer dereference (SIGSEGV) in `Upsample_6_7::adapt_upsample_6_7()` (`onnx/version_converter/adapters/upsample_6_7.h:31`) when `convert_version()` processes a model with an Upsample node that has zero inputs. The adapter accesses `node-\u003einputs()[0]-\u003esizes()` without checking input count. 107-byte PoC crashes on Release build.\n\nThis is the same class of bug as the Cast adapter advisory (separate report) but in a different adapter, different file, and different operator.\n\n### Details\n\nThe Upsample 6\u21927 adapter validates attributes but not inputs:\n```cpp\n// upsample_6_7.h:20-33\nvoid adapt_upsample_6_7(..., Node* node) const {\n    ONNX_ASSERTM(\n        node-\u003ehasAttribute(width_scale_symbol) \u0026\u0026 node-\u003ehasAttribute(height_scale_symbol),\n        \"...\")  // Attribute check PASSES\n\n    auto width_scale = node-\u003ef(width_scale_symbol);\n    auto height_scale = node-\u003ef(height_scale_symbol);\n\n    auto input_shape = node-\u003einputs()[0]-\u003esizes();\n    //                 ^^^^^^^^^^^^^^^^^^^^\n    //                 OOB when inputs().size() == 0 \u2192 SIGSEGV\n}\n```\n\nThe PoC has an Upsample node at opset 6 with the required `width_scale` and `height_scale` attributes but zero inputs. The attribute assertions pass, then `node-\u003einputs()[0]` on an empty `ArrayRef`:\n- Release builds (`NDEBUG`): bounds-check assertion compiled out \u2192 reads garbage pointer \u2192 SIGSEGV\n- Debug builds: `assert(Index \u003c Length)` at `array_ref.h:159` \u2192 SIGABRT\n\nAn Upsample node with zero inputs passes `graphProtoToGraph()` because the import code only resolves input names present in the protobuf.\n\n### PoC\n```python\nimport base64\nimport onnx\nfrom onnx import version_converter\n\npoc_b64 = \"CAI6YQo8EgFZIghVcHNhbXBsZSoVCgt3aWR0aF9zY2FsZRUAAABAoAEBKhYKDGhlaWdodF9zY2FsZRUAAABAoAEBEgR0ZXN0YhsKAVkSFgoUCAESEAoCCAEKAggBCgIIBAoCCARCBAoAEAY=\"\n\nmodel = onnx.load_from_string(base64.b64decode(poc_b64))\n\n# CRASHES \u2014 Upsample_6_7 adapter dereferences empty inputs array\nversion_converter.convert_version(model, 7)  # SIGSEGV\n```\n\n107-byte PoC. Confirmed SIGSEGV on both onnx 1.21.0 (pip) and 1.22.0 (source build).\n\n### Impact\n\nAny application that uses `onnx.version_converter.convert_version()` on untrusted models is vulnerable. This includes model conversion pipelines and tools that auto-upgrade opset versions for compatibility. The crash is unrecoverable (SIGSEGV). \n\nThis vulnerability is part of a systemic pattern across multiple version converter adapters. A full audit of all ~45 adapters was performed as part of the fix; eight adapters were found with the same class of unguarded indexed access (cast_9_8, softmax_12_13, softmax_13_12, upsample_6_7, upsample_9_10, group_normalization_20_21, broadcast_forward_compatibility, upsample_9_8) and all have been fixed in PR #7813.",
  "id": "GHSA-hwpq-hmq9-wj77",
  "modified": "2026-07-07T13:02:10Z",
  "published": "2026-07-07T13:02:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/pull/7916"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/onnx/onnx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onnx/onnx/releases/tag/v1.22.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)"
}

GHSA-HWR7-8GXX-FJ5P

Vulnerability from github – Published: 2021-08-25 14:44 – Updated: 2024-11-13 16:33
VLAI
Summary
Null pointer dereference in `RaggedTensorToTensor`
Details

Impact

Sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior:

import tensorflow as tf

tf.raw_ops.RaggedTensorToTensor(
  shape=1,
  values=10,
  default_value=21,
  row_partition_tensors=tf.constant([0,0,0,0]),
  row_partition_types=[])

The implementation accesses the first element of a user supplied list of values without validating that the provided list is not empty.

Patches

We have patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T18:10:19Z",
    "nvd_published_at": "2021-08-12T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nSending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.RaggedTensorToTensor(\n  shape=1,\n  values=10,\n  default_value=21,\n  row_partition_tensors=tf.constant([0,0,0,0]),\n  row_partition_types=[])\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty.\n\n### Patches\nWe have patched the issue in GitHub commit [301ae88b331d37a2a16159b65b255f4f9eb39314](https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-hwr7-8gxx-fj5p",
  "modified": "2024-11-13T16:33:37Z",
  "published": "2021-08-25T14:44:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37638"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-551.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-749.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-260.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Null pointer dereference in `RaggedTensorToTensor`"
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.