Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-QG8H-9C83-R4H2

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06
VLAI
Details

An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-28T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.",
  "id": "GHSA-qg8h-9c83-r4h2",
  "modified": "2024-04-04T01:06:46Z",
  "published": "2022-05-24T16:49:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13032"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sigil-Ebook/flightcrew/issues/53"
    },
    {
      "type": "WEB",
      "url": "https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4055-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QG9F-PH29-82PG

Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58
VLAI
Details

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-18T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.",
  "id": "GHSA-qg9f-ph29-82pg",
  "modified": "2022-05-17T01:58:17Z",
  "published": "2022-05-17T01:58:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9038"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-07-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QG9W-6W4C-Q3PF

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-10T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi\u0027 operation when a specific network package are sent to the httpd binary.",
  "id": "GHSA-qg9w-6w4c-q3pf",
  "modified": "2022-05-24T19:10:33Z",
  "published": "2022-05-24T19:10:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28838"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QGCQ-F5V5-F8V8

Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-10-28 18:30
VLAI
Details

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T15:16:13Z",
    "severity": "HIGH"
  },
  "details": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.",
  "id": "GHSA-qgcq-f5v5-f8v8",
  "modified": "2025-10-28T18:30:28Z",
  "published": "2025-10-28T15:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61104"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/issues/19471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/pull/19480"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61104.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGG6-HJ2R-3X43

Vulnerability from github – Published: 2026-01-09 18:31 – Updated: 2026-01-12 18:30
VLAI
Details

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-09T16:16:06Z",
    "severity": "HIGH"
  },
  "details": "fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.",
  "id": "GHSA-qgg6-hj2r-3x43",
  "modified": "2026-01-12T18:30:29Z",
  "published": "2026-01-09T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FluidSynth/fluidsynth/issues/1602"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FluidSynth/fluidsynth/pull/1607"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGGW-79C9-7RQV

Vulnerability from github – Published: 2025-06-20 15:30 – Updated: 2025-06-23 15:31
VLAI
Details

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-20T14:15:29Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.",
  "id": "GHSA-qggw-79c9-7rqv",
  "modified": "2025-06-23T15:31:38Z",
  "published": "2025-06-20T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48705"
    },
    {
      "type": "WEB",
      "url": "https://syss.de"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-027.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGP7-V6FQ-JXVW

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: fix oops in concurrently setting insn_emulation sysctls

emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops if called concurrently with itself:

| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 | Internal error: Oops: 96000006 [#1] SMP | Call trace: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handler+0x9c/0xf8 | proc_sys_write+0x18/0x20 | __vfs_write+0x20/0x48 | vfs_write+0xe4/0x1d0 | ksys_write+0x70/0xf8 | __arm64_sys_write+0x20/0x28 | el0_svc_common.constprop.0+0x7c/0x1c0 | el0_svc_handler+0x2c/0xa0 | el0_svc+0x8/0x200

To fix this issue, keep the table->data as &insn->current_mode and use container_of() to retrieve the insn pointer. Another mutex is used to protect against the current_mode update but not for retrieving insn_emulation as table->data is no longer changing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: fix oops in concurrently setting insn_emulation sysctls\n\nemulation_proc_handler() changes table-\u003edata for proc_dointvec_minmax\nand can generate the following Oops if called concurrently with itself:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n | Internal error: Oops: 96000006 [#1] SMP\n | Call trace:\n | update_insn_emulation_mode+0xc0/0x148\n | emulation_proc_handler+0x64/0xb8\n | proc_sys_call_handler+0x9c/0xf8\n | proc_sys_write+0x18/0x20\n | __vfs_write+0x20/0x48\n | vfs_write+0xe4/0x1d0\n | ksys_write+0x70/0xf8\n | __arm64_sys_write+0x20/0x28\n | el0_svc_common.constprop.0+0x7c/0x1c0\n | el0_svc_handler+0x2c/0xa0\n | el0_svc+0x8/0x200\n\nTo fix this issue, keep the table-\u003edata as \u0026insn-\u003ecurrent_mode and\nuse container_of() to retrieve the insn pointer. Another mutex is\nused to protect against the current_mode update but not for retrieving\ninsn_emulation as table-\u003edata is no longer changing.",
  "id": "GHSA-qgp7-v6fq-jxvw",
  "modified": "2025-11-19T15:31:30Z",
  "published": "2025-06-18T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50206"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04549063d5701976034d8c2bfda3d3a8cbf0409f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07022e07017ee5540f5559b0aeb916e8383c1e1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/353b4673d01c512303c45cf2346f630cda73b5c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a2fd114678d7fc1b5a0f8865ae98f1c17787455"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d5fec6ba2e4117d196a8259ab54615ffe562460"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af483947d472eccb79e42059276c4deed76f99a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b51881b1da57fe9877125dfdd0aac5172958fcfd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc69ef95988b9ef2fc730ec452a7441efb90ef5e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGPJ-59QM-CX5G

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: light: isl29028: Fix the warning in isl29028_remove()

The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too.

The following log reveals it:

[ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI [ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0 [ 32.385461] Call Trace: [ 32.385807] sysfs_unmerge_group+0x59/0x110 [ 32.386110] dpm_sysfs_remove+0x58/0xc0 [ 32.386391] device_del+0x296/0xe50 [ 32.386959] cdev_device_del+0x1d/0xd0 [ 32.387231] devm_iio_device_unreg+0x27/0xb0 [ 32.387542] devres_release_group+0x319/0x3d0 [ 32.388162] i2c_device_remove+0x93/0x1f0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: isl29028: Fix the warning in isl29028_remove()\n\nThe driver use the non-managed form of the register function in\nisl29028_remove(). To keep the release order as mirroring the ordering\nin probe, the driver should use non-managed form in probe, too.\n\nThe following log reveals it:\n\n[   32.374955] isl29028 0-0010: remove\n[   32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\n[   32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[   32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0\n[   32.385461] Call Trace:\n[   32.385807]  sysfs_unmerge_group+0x59/0x110\n[   32.386110]  dpm_sysfs_remove+0x58/0xc0\n[   32.386391]  device_del+0x296/0xe50\n[   32.386959]  cdev_device_del+0x1d/0xd0\n[   32.387231]  devm_iio_device_unreg+0x27/0xb0\n[   32.387542]  devres_release_group+0x319/0x3d0\n[   32.388162]  i2c_device_remove+0x93/0x1f0",
  "id": "GHSA-qgpj-59qm-cx5g",
  "modified": "2025-11-19T15:31:31Z",
  "published": "2025-06-18T12:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/359f3b150eab30805fe0e4e9d616887d7257a625"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f0ebfb4b9bfad2326c0b2c3cc7e37f4b9ee9eba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1135205b0affd255510775a27df571aca84ab4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca63d5abf404d2934e2ac03545350de7bb8c8e96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed43fb20d3d1fca9d79db0d5faf4321a4dd58c23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fac589fb764699a4bcd288f6656b8cd0408ea968"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb1888205c0782f287e5dd4ffff1f665332e868c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGPM-JG9J-H3FQ

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-06-03 18:55
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid NULL dereference of timing generator

[Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid NULL dereference of timing generator\n\n[Why \u0026 How]\nCheck whether assigned timing generator is NULL or not before\naccessing its funcs to prevent NULL dereference.",
  "id": "GHSA-qgpm-jg9j-h3fq",
  "modified": "2024-06-03T18:55:25Z",
  "published": "2024-05-21T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52753"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGQ4-89P9-QFRH

Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2026-05-06 18:30
VLAI
Details

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-16T18:16:10Z",
    "severity": "MODERATE"
  },
  "details": "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user\u0027s application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user\u0027s client application into connecting to the attacker\u0027s malicious server.",
  "id": "GHSA-qgq4-89p9-qfrh",
  "modified": "2026-05-06T18:30:23Z",
  "published": "2025-05-16T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4476"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4476"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366513"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/440"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.