Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-JH6C-HC58-2PXV

Vulnerability from github – Published: 2023-11-02 21:30 – Updated: 2023-11-02 21:30
VLAI
Details

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-02T19:15:41Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.",
  "id": "GHSA-jh6c-hc58-2pxv",
  "modified": "2023-11-02T21:30:19Z",
  "published": "2023-11-02T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31022"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH94-6VQX-6XVM

Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54
VLAI
Details

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-07T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.",
  "id": "GHSA-jh94-6vqx-6xvm",
  "modified": "2022-05-14T00:54:45Z",
  "published": "2022-05-14T00:54:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19060"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2022"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/660"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3837-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH9H-25H7-28GQ

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).",
  "id": "GHSA-jh9h-25h7-28gq",
  "modified": "2022-05-24T19:07:06Z",
  "published": "2022-05-24T19:07:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20212"
    },
    {
      "type": "WEB",
      "url": "https://mikrotik.com"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JHFH-G9JF-GFPV

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: avoid possible NULL skb pointer dereference

In 'mwifiex_handle_uap_rx_forward()', always check the value returned by 'skb_copy()' to avoid potential NULL pointer dereference in 'mwifiex_uap_queue_bridged_pkt()', and drop original skb in case of copying failure.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: avoid possible NULL skb pointer dereference\n\nIn \u0027mwifiex_handle_uap_rx_forward()\u0027, always check the value\nreturned by \u0027skb_copy()\u0027 to avoid potential NULL pointer\ndereference in \u0027mwifiex_uap_queue_bridged_pkt()\u0027, and drop\noriginal skb in case of copying failure.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-jhfh-g9jf-gfpv",
  "modified": "2025-12-11T18:30:34Z",
  "published": "2025-09-18T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53384"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c57f9ad2c3ed43abb764b0247d610ff7fdb7a00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/139d285e7695279f030dbb172e2d0245425c86c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/231086e6a36316b823654f4535653f22d6344420"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35a7a1ce7c7d61664ee54f5239a1f120ab95a87e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e7197e4d6a1bc72a774590d8765909f898be1dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bef85d58f7709896ed8426560ad117a73a37762f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2509f7c37355e1f0bd5b7087815b845fd383723"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d155c5f64cefacdc6a9a26d40be53ee2903c28ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7fd24b8d1bb54c5bcf583139e11a5e651e0263c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHFJ-RGFJ-CVQH

Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-27 00:01
VLAI
Details

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-21T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).",
  "id": "GHSA-jhfj-rgfj-cvqh",
  "modified": "2022-01-27T00:01:56Z",
  "published": "2022-01-22T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JHFQ-CFJ3-RM7V

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer

The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun

tipc: Started in network mode tipc: Node identity 8af312d38a21, cluster identity 4711 tipc: Enabled bearer , priority 1 Oops: general protection fault KASAN: null-ptr-deref in range CPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT Hardware name: QEMU Ubuntu 24.04 PC RIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0

the ub was in fact a struct dev.

when bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or other media when other thread changes it.

fix this by checking media_id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\n\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\n\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer \u003ceth:syz_tun\u003e, priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\n\nthe ub was in fact a struct dev.\n\nwhen bid != 0 \u0026\u0026 skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\n\nfix this by checking media_id.",
  "id": "GHSA-jhfq-cfj3-rm7v",
  "modified": "2025-12-18T18:30:28Z",
  "published": "2025-07-04T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38184"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05d332ba075753d569d66333d62d60fff5f57ad8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d3d91c3500f0c480e016faa4e2259c588616e59"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f4a72fb266e48dbe928e1d936eab149e4ac3e1b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3998283e4c32c0fe69edd59b0876c193f50abce6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8595350615f952fcf8bc861464a6bf6b1129af50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2e17984752b9131061d1a2ca1199da2706337fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3dfe821dfe091c0045044343c8d86596d66e2cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f82727adcf2992822e12198792af450a76ebd5ef"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHG5-Q2MJ-R9VH

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-11-05 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix dereference of null pointer flow

In the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false then nft_flow_rule_create is not called and flow is NULL. The subsequent error handling execution via label err_destroy_flow_rule will lead to a null pointer dereference on flow when calling nft_flow_rule_destroy. Since the error path to err_destroy_flow_rule has to cater for null and non-null flows, only call nft_flow_rule_destroy if flow is non-null to fix this issue.

Addresses-Coverity: ("Explicity null dereference")

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix dereference of null pointer flow\n\nIn the case where chain-\u003eflags \u0026 NFT_CHAIN_HW_OFFLOAD is false then\nnft_flow_rule_create is not called and flow is NULL. The subsequent\nerror handling execution via label err_destroy_flow_rule will lead\nto a null pointer dereference on flow when calling nft_flow_rule_destroy.\nSince the error path to err_destroy_flow_rule has to cater for null\nand non-null flows, only call nft_flow_rule_destroy if flow is non-null\nto fix this issue.\n\nAddresses-Coverity: (\"Explicity null dereference\")",
  "id": "GHSA-jhg5-q2mj-r9vh",
  "modified": "2024-11-05T18:31:59Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ca041f919f13783b0b03894783deee00dbca19a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70a5a1950cca02c5cd161bb3846b4d983eed97d3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHGG-M334-7PXP

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-jhgg-m334-7pxp",
  "modified": "2022-05-24T19:15:07Z",
  "published": "2022-05-24T19:15:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39556"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthiaskramm/swftools/issues/105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JHGR-2WPG-7P64

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs: Ensure 'ib_sge list' is accessible

Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function.

Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10

This change ensures the variable is available for subsequent operations that require it.

[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs: Ensure \u0027ib_sge list\u0027 is accessible\n\nMove the declaration of the \u0027ib_sge list\u0027 variable outside the\n\u0027always_invalidate\u0027 block to ensure it remains accessible for use\nthroughout the function.\n\nPreviously, \u0027ib_sge list\u0027 was declared within the \u0027always_invalidate\u0027\nblock, limiting its accessibility, then caused a\n\u0027BUG: kernel NULL pointer dereference\u0027[1].\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2d0\n ? search_module_extables+0x19/0x60\n ? search_bpf_extables+0x5f/0x80\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? memcpy_orig+0xd5/0x140\n rxe_mr_copy+0x1c3/0x200 [rdma_rxe]\n ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe]\n copy_data+0xa5/0x230 [rdma_rxe]\n rxe_requester+0xd9b/0xf70 [rdma_rxe]\n ? finish_task_switch.isra.0+0x99/0x2e0\n rxe_sender+0x13/0x40 [rdma_rxe]\n do_task+0x68/0x1e0 [rdma_rxe]\n process_one_work+0x177/0x330\n worker_thread+0x252/0x390\n ? __pfx_worker_thread+0x10/0x10\n\nThis change ensures the variable is available for subsequent operations\nthat require it.\n\n[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/",
  "id": "GHSA-jhgr-2wpg-7p64",
  "modified": "2025-11-03T21:32:10Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHJ6-5MH6-4PVF

Vulnerability from github – Published: 2021-05-24 17:00 – Updated: 2023-10-02 15:30
VLAI
Summary
Denial-of-Service within Docker container
Details

Impact

If you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service (SIGSEGV) because it doesn't get process ID and process group ID of teler properly to kills.

Specific Go Packages Affected

ktbs.dev/teler/pkg/errors

Patches

Upgrade to the >= 0.0.1 version.

Workarounds

N/A

References

  • https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e

For more information

If you have any questions or comments about this advisory: * Open an issue in Issues Section * Email us at infosec@kitabisa.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "ktbs.dev/teler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T22:09:36Z",
    "nvd_published_at": "2020-11-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nIf you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn\u0027t get process ID and process group ID of teler properly to kills.\n\n### Specific Go Packages Affected\nktbs.dev/teler/pkg/errors\n\n### Patches\nUpgrade to the \u003e= 0.0.1 version.\n\n### Workarounds\nN/A\n\n### References\n- https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Issues Section](https://github.com/kitabisa/teler/issues)\n* Email us at [infosec@kitabisa.com](mailto:infosec@kitabisa.com)\n",
  "id": "GHSA-jhj6-5mh6-4pvf",
  "modified": "2023-10-02T15:30:28Z",
  "published": "2021-05-24T17:00:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26213"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kitabisa/teler"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial-of-Service within Docker container"
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.