CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-JFQX-FFQ5-HW55
Vulnerability from github – Published: 2022-01-07 00:00 – Updated: 2023-05-27 06:30A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-46042"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-06T20:15:00Z",
"severity": "MODERATE"
},
"details": "A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.",
"id": "GHSA-jfqx-ffq5-hw55",
"modified": "2023-05-27T06:30:37Z",
"published": "2022-01-07T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46042"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFRH-XH86-V7PP
Vulnerability from github – Published: 2026-06-22 21:31 – Updated: 2026-07-09 21:31IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
{
"affected": [],
"aliases": [
"CVE-2026-10852"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T20:16:27Z",
"severity": "MODERATE"
},
"details": "IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.",
"id": "GHSA-jfrh-xh86-v7pp",
"modified": "2026-07-09T21:31:13Z",
"published": "2026-06-22T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10852"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276560"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7277344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFRJ-R763-GV36
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-06 21:31In the Linux kernel, the following vulnerability has been resolved:
net: libwx: handle page_pool_dev_alloc_pages error
page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page) but it would still proceed to use the NULL pointer and then crash.
This is similar to commit 001ba0902046 ("net: fec: handle page_pool_dev_alloc_pages error").
This is found by our static analysis tool KNighter.
{
"affected": [],
"aliases": [
"CVE-2025-37755"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T13:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.",
"id": "GHSA-jfrj-r763-gv36",
"modified": "2025-11-06T21:31:17Z",
"published": "2025-05-01T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37755"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1dd13c60348f515acd8c6f25a561b9c4e3b04fea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f1ff1b38a7c8b872382b796023419d87d78c47e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90bec7cef8805f9a23145e070dff28a02bb584eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad81d666e114ebf989fc9994d4c93d451dc60056"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c17ef974bfcf1a50818168b47c4606b425a957c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFVF-G3QM-F87G
Vulnerability from github – Published: 2022-05-17 00:28 – Updated: 2022-05-17 00:28The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
{
"affected": [],
"aliases": [
"CVE-2014-0146"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-10T15:29:00Z",
"severity": "MODERATE"
},
"details": "The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.",
"id": "GHSA-jfvf-g3qm-f87g",
"modified": "2022-05-17T00:28:35Z",
"published": "2022-05-17T00:28:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0146"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0421"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0435"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-0146"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078232"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFX8-WC49-MG5C
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2024-11-07 21:31In the Linux kernel, the following vulnerability has been resolved:
dma-buf: Fix NULL pointer dereference in sanitycheck()
If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there.
Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2024-35916"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: Fix NULL pointer dereference in sanitycheck()\n\nIf due to a memory allocation failure mock_chain() returns NULL, it is\npassed to dma_fence_enable_sw_signaling() resulting in NULL pointer\ndereference there.\n\nCall dma_fence_enable_sw_signaling() only if mock_chain() succeeds.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-jfx8-wc49-mg5c",
"modified": "2024-11-07T21:31:37Z",
"published": "2024-05-19T09:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35916"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0336995512cdab0c65e99e4cdd47c4606debe14e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/156c226cbbdcf5f3bce7b2408a33b59fab7fae2c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2295bd846765c766701e666ed2e4b35396be25e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eabf131cba1db12005a68378305f13b9090a7a6b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JG3H-4JH8-MFWR
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-28 15:30In the Linux kernel, the following vulnerability has been resolved:
ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly.
Fix this up by checking the return value properly.
{
"affected": [],
"aliases": [
"CVE-2026-31620"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: us144mkii: fix NULL deref on missing interface 0\n\nA malicious USB device with the TASCAM US-144MKII device id can have a\nconfiguration containing bInterfaceNumber=1 but no interface 0. USB\nconfiguration descriptors are not required to assign interface numbers\nsequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will\nthen be dereferenced directly.\n\nFix this up by checking the return value properly.",
"id": "GHSA-jg3h-4jh8-mfwr",
"modified": "2026-04-28T15:30:48Z",
"published": "2026-04-24T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31620"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JG3J-8QG2-GPH3
Vulnerability from github – Published: 2024-04-02 09:30 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
syzbot reported the following general protection fault [1]:
general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace: tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 _syssendmsg+0x6ac/0x940 net/socket.c:2584 _sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b
The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP.
tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers.
This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add().
{
"affected": [],
"aliases": [
"CVE-2024-26663"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T07:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()\n\nsyzbot reported the following general protection fault [1]:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]\n...\nRIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n...\nCall Trace:\n \u003cTASK\u003e\n tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972\n genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]\n genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584\n ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638\n __sys_sendmsg+0x117/0x1e0 net/socket.c:2667\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe cause of this issue is that when tipc_nl_bearer_add() is called with\nthe TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called\neven if the bearer is not UDP.\n\ntipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that\nthe media_ptr field of the tipc_bearer has an udp_bearer type object, so\nthe function goes crazy for non-UDP bearers.\n\nThis patch fixes the issue by checking the bearer type before calling\ntipc_udp_nl_bearer_add() in tipc_nl_bearer_add().",
"id": "GHSA-jg3j-8qg2-gph3",
"modified": "2025-01-07T18:30:39Z",
"published": "2024-04-02T09:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26663"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JG4G-P5JG-PHCR
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.
{
"affected": [],
"aliases": [
"CVE-2021-25674"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-15T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.",
"id": "GHSA-jg4g-p5jg-phcr",
"modified": "2022-05-24T17:44:34Z",
"published": "2022-05-24T17:44:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25674"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256092.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JG4R-5FPX-73GM
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-58120"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:52Z",
"severity": "HIGH"
},
"details": "When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-jg4r-5fpx-73gm",
"modified": "2025-10-15T15:30:28Z",
"published": "2025-10-15T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58120"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000156623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JG5G-XGHX-3FQC
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
{
"affected": [],
"aliases": [
"CVE-2011-1752"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-06T19:55:00Z",
"severity": "MODERATE"
},
"details": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.",
"id": "GHSA-jg5g-xghx-3fqc",
"modified": "2022-05-13T01:14:59Z",
"published": "2022-05-13T01:14:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1752"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709111"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44633"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44681"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44849"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44879"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44888"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45162"
},
{
"type": "WEB",
"url": "http://subversion.apache.org/security/CVE-2011-1752-advisory.txt"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5130"
},
{
"type": "WEB",
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2251"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0861.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/48091"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025617"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1144-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.