CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-PVGC-VPGW-88MQ
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
ext4: update orig_path in ext4_find_extent()
In ext4_find_extent(), if the path is not big enough, we free it and set orig_path to NULL. But after reallocating and successfully initializing the path, we don't update orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example:
ext4_split_extent path = ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(ppath = NULL) path = ppath; ex = path[depth].p_ext; // NULL pointer dereference!
================================================================== BUG: kernel NULL pointer dereference, address: 0000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Call Trace: ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ==================================================================
Therefore, orig_path is updated when the extent lookup succeeds, so that the caller can safely use path or ppath.
{
"affected": [],
"aliases": [
"CVE-2024-49881"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don\u0027t update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth \u003e path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \u003cTASK\u003e\n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath.",
"id": "GHSA-pvgc-vpgw-88mq",
"modified": "2025-11-04T00:31:40Z",
"published": "2024-10-21T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49881"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec0c0beb9b777cdd1edd7df9b36e0f3e67e2bdff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVHR-37PJ-QC85
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
{
"affected": [],
"aliases": [
"CVE-2020-12514"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-22T19:15:00Z",
"severity": "MODERATE"
},
"details": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd",
"id": "GHSA-pvhr-37pj-qc85",
"modified": "2022-05-24T17:40:03Z",
"published": "2022-05-24T17:40:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12514"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PVP4-8Q5G-43FG
Vulnerability from github – Published: 2025-02-21 12:32 – Updated: 2025-03-05 21:32In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.
{
"affected": [],
"aliases": [
"CVE-2025-1470"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-21T10:15:11Z",
"severity": "MODERATE"
},
"details": "In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.",
"id": "GHSA-pvp4-8q5g-43fg",
"modified": "2025-03-05T21:32:05Z",
"published": "2025-02-21T12:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1470"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-omr/omr/pull/7655"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-omr/omr/pull/7663"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/54"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PW6H-QMVR-5F3P
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-06-29 00:00Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
{
"affected": [],
"aliases": [
"CVE-2020-20250"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T12:15:00Z",
"severity": "MODERATE"
},
"details": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.",
"id": "GHSA-pw6h-qmvr-5f3p",
"modified": "2022-06-29T00:00:30Z",
"published": "2022-05-24T19:07:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20250"
},
{
"type": "WEB",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
},
{
"type": "WEB",
"url": "https://mikrotik.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWC3-R6H3-WX7V
Vulnerability from github – Published: 2022-05-17 01:19 – Updated: 2022-05-17 01:19Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2016-4649"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-22T03:00:00Z",
"severity": "MODERATE"
},
"details": "Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",
"id": "GHSA-pwc3-r6h3-wx7v",
"modified": "2022-05-17T01:19:49Z",
"published": "2022-05-17T01:19:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4649"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206903"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91824"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036348"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWG3-M7H4-XJVM
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-15 15:30In the Linux kernel, the following vulnerability has been resolved:
reset: uniphier-glue: Fix possible null-ptr-deref
It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL.
{
"affected": [],
"aliases": [
"CVE-2022-49758"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: uniphier-glue: Fix possible null-ptr-deref\n\nIt will cause null-ptr-deref when resource_size(res) invoked,\nif platform_get_resource() returns NULL.",
"id": "GHSA-pwg3-m7h4-xjvm",
"modified": "2025-04-15T15:30:46Z",
"published": "2025-03-27T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49758"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a2390c6777e3f6662980c6cfc25cafe9e4fef98"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/633bad3dc81ce2aa561f704ec091e49eb647bd0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95de286200b2a046da01c4aeba02ae9220d68ca4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWQF-CGF8-RX4X
Vulnerability from github – Published: 2024-08-28 18:31 – Updated: 2024-08-28 18:31A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2024-20446"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-28T17:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThis vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.",
"id": "GHSA-pwqf-cgf8-rx4x",
"modified": "2024-08-28T18:31:54Z",
"published": "2024-08-28T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20446"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWRJ-H3FW-3QP7
Vulnerability from github – Published: 2025-07-26 03:30 – Updated: 2025-07-26 03:30A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8175"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-26T03:15:25Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-pwrj-h3fw-3qp7",
"modified": "2025-07-26T03:30:27Z",
"published": "2025-07-26T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8175"
},
{
"type": "WEB",
"url": "https://github.com/Kriswu1337/CVE/blob/main/DI_8400%20Null%20pointer%20dereference%20vulnerability.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317589"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317589"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621708"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PWV6-Q4QX-8VF8
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 21:31In the Linux kernel, the following vulnerability has been resolved:
io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
Syzkaller produced the below call trace:
BUG: KASAN: null-ptr-deref in io_msg_ring+0x3cb/0x9f0 Write of size 8 at addr 0000000000000070 by task repro/16399
CPU: 0 PID: 16399 Comm: repro Not tainted 6.1.0-rc1 #28 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 Call Trace: dump_stack_lvl+0xcd/0x134 ? io_msg_ring+0x3cb/0x9f0 kasan_report+0xbc/0xf0 ? io_msg_ring+0x3cb/0x9f0 kasan_check_range+0x140/0x190 io_msg_ring+0x3cb/0x9f0 ? io_msg_ring_prep+0x300/0x300 io_issue_sqe+0x698/0xca0 io_submit_sqes+0x92f/0x1c30 __do_sys_io_uring_enter+0xae4/0x24b0 .... RIP: 0033:0x7f2eaf8f8289 RSP: 002b:00007fff40939718 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2eaf8f8289 RDX: 0000000000000000 RSI: 0000000000006f71 RDI: 0000000000000004 RBP: 00007fff409397a0 R08: 0000000000000000 R09: 0000000000000039 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004006d0 R13: 00007fff40939880 R14: 0000000000000000 R15: 0000000000000000 Kernel panic - not syncing: panic_on_warn set ...
We don't have a NULL check on file_ptr in io_msg_send_fd() function, so when file_ptr is NUL src_file is also NULL and get_file() dereferences a NULL pointer and leads to above crash.
Add a NULL check to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2022-50295"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()\n\nSyzkaller produced the below call trace:\n\n BUG: KASAN: null-ptr-deref in io_msg_ring+0x3cb/0x9f0\n Write of size 8 at addr 0000000000000070 by task repro/16399\n\n CPU: 0 PID: 16399 Comm: repro Not tainted 6.1.0-rc1 #28\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xcd/0x134\n ? io_msg_ring+0x3cb/0x9f0\n kasan_report+0xbc/0xf0\n ? io_msg_ring+0x3cb/0x9f0\n kasan_check_range+0x140/0x190\n io_msg_ring+0x3cb/0x9f0\n ? io_msg_ring_prep+0x300/0x300\n io_issue_sqe+0x698/0xca0\n io_submit_sqes+0x92f/0x1c30\n __do_sys_io_uring_enter+0xae4/0x24b0\n....\n RIP: 0033:0x7f2eaf8f8289\n RSP: 002b:00007fff40939718 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2eaf8f8289\n RDX: 0000000000000000 RSI: 0000000000006f71 RDI: 0000000000000004\n RBP: 00007fff409397a0 R08: 0000000000000000 R09: 0000000000000039\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004006d0\n R13: 00007fff40939880 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n Kernel panic - not syncing: panic_on_warn set ...\n\nWe don\u0027t have a NULL check on file_ptr in io_msg_send_fd() function,\nso when file_ptr is NUL src_file is also NULL and get_file()\ndereferences a NULL pointer and leads to above crash.\n\nAdd a NULL check to fix this issue.",
"id": "GHSA-pwv6-q4qx-8vf8",
"modified": "2025-12-04T21:31:01Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50295"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0163e04ea64cc3dfaa12390286e5f2f481c3b2e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16bbdfe5fb0e78e0acb13e45fc127e9a296913f2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWVW-JX66-55X9
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.
{
"affected": [],
"aliases": [
"CVE-2018-3841"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-26T21:29:00Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.",
"id": "GHSA-pwvw-jx66-55x9",
"modified": "2022-05-13T01:02:08Z",
"published": "2022-05-13T01:02:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3841"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0524"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.