CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-QGQH-PHJ7-7FM4
Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.
{
"affected": [],
"aliases": [
"CVE-2018-20349"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-22T00:29:00Z",
"severity": "MODERATE"
},
"details": "The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.",
"id": "GHSA-qgqh-phj7-7fm4",
"modified": "2022-05-14T00:54:10Z",
"published": "2022-05-14T00:54:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20349"
},
{
"type": "WEB",
"url": "https://github.com/igraph/igraph/issues/1141"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCGDUNQYLSZLSGN6JJBORVFW46U3A75Y"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWCGXEINKJM3JQUPVCSN4RBTRKWBTYI7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGR6-HGC6-QM52
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check stream before comparing them
[WHAT & HOW] amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is necessary to check for null before dereferencing them.
This fixes 1 FORWARD_NULL issue reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-49896"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
"id": "GHSA-qgr6-hgc6-qm52",
"modified": "2025-11-04T00:31:41Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49896"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0167d570f6a0b38689c4a0e50bf79c518d827500"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14db8692afe1aa2143b673856bb603713d8ea93f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35ff747c86767937ee1e0ca987545b7eed7a0810"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3944d226f55235a960d8f1135927f95e9801be12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42d31a33643813cce55ee1ebbad3a2d0d24a08e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/471c53350ab83e47a2a117c2738ce0363785976e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e41a291e1bef1153bba091b6580ecc7affc53c82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8da54b7f8a17e44e67ea6d1037f35450af28115"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGVQ-JR42-R2GX
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-07-03 18:42In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: psi: Add check for kstrdup
Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-52844"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: psi: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
"id": "GHSA-qgvq-jr42-r2gx",
"modified": "2024-07-03T18:42:57Z",
"published": "2024-05-21T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52844"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3387490c89b10aeb4e71d78b65dbc9ba4b2385b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c26aae3723965c291c65dd2ecad6a3240d422b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5cfcc8de7d733a1137b86954cc28ce99972311ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/76a2c5df6ca8bd8ada45e953b8c72b746f42918d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a51335704a3f90eaf23a6864faefca34b382490a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d17269fb9161995303985ab2fe6f16cfb72152f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGWH-9J3V-M669
Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-05-29 15:31yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
{
"affected": [],
"aliases": [
"CVE-2024-22653"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T15:15:29Z",
"severity": "MODERATE"
},
"details": "yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.",
"id": "GHSA-qgwh-9j3v-m669",
"modified": "2025-05-29T15:31:09Z",
"published": "2025-05-29T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22653"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/247"
},
{
"type": "WEB",
"url": "https://gist.github.com/TimChan2001/03e5792b15d0a34bfaad970e37c17660"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QH32-6JJC-QPRM
Vulnerability from github – Published: 2020-09-25 18:28 – Updated: 2024-10-28 14:48Impact
A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with nullptr:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L1224-L1227
However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.
Patches
We have patched the issue in 0b5662bc and will release patch releases for all versions between 1.15 and 2.3.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360 but was also discovered through variant analysis of GHSA-cvpc-8phh-8f45.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0"
]
}
],
"aliases": [
"CVE-2020-15209"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-25T18:13:03Z",
"nvd_published_at": "2020-09-25T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nA crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L1224-L1227\n\nHowever, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.\n\n### Patches\nWe have patched the issue in 0b5662bc and will release patch releases for all versions between 1.15 and 2.3.\n\nWe recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360 but was also discovered through variant analysis of [GHSA-cvpc-8phh-8f45](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45).",
"id": "GHSA-qh32-6jjc-qprm",
"modified": "2024-10-28T14:48:11Z",
"published": "2020-09-25T18:28:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15209"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-289.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-324.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-132.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Null pointer dereference in tensorflow-lite"
}
GHSA-QH39-HPR9-W6QX
Vulnerability from github – Published: 2022-01-15 00:00 – Updated: 2022-01-23 00:00A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.
{
"affected": [],
"aliases": [
"CVE-2021-45773"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.",
"id": "GHSA-qh39-hpr9-w6qx",
"modified": "2022-01-23T00:00:30Z",
"published": "2022-01-15T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45773"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/lib60870/issues/100"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QH3F-H76C-JRF5
Vulnerability from github – Published: 2022-05-14 01:33 – Updated: 2022-05-14 01:33An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2019-8382"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-17T02:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"id": "GHSA-qh3f-h76c-jrf5",
"modified": "2022-05-14T01:33:34Z",
"published": "2022-05-14T01:33:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8382"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/364"
},
{
"type": "WEB",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QH3P-3V24-8CRJ
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
Input: mtk-pmic-keys - fix possible null pointer dereference
In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer.
Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway.
{
"affected": [],
"aliases": [
"CVE-2025-37972"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T17:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: mtk-pmic-keys - fix possible null pointer dereference\n\nIn mtk_pmic_keys_probe, the regs parameter is only set if the button is\nparsed in the device tree. However, on hardware where the button is left\nfloating, that node will most likely be removed not to enable that\ninput. In that case the code will try to dereference a null pointer.\n\nLet\u0027s use the regs struct instead as it is defined for all supported\nplatforms. Note that it is ok setting the key reg even if that latter is\ndisabled as the interrupt won\u0027t be enabled anyway.",
"id": "GHSA-qh3p-3v24-8crj",
"modified": "2026-07-14T15:31:22Z",
"published": "2025-05-20T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37972"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QH89-23Q7-9296
Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2023-12-28 18:30The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
{
"affected": [],
"aliases": [
"CVE-2004-0365"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-05-04T04:00:00Z",
"severity": "MODERATE"
},
"details": "The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.",
"id": "GHSA-qh89-23q7-9296",
"modified": "2023-12-28T18:30:27Z",
"published": "2022-04-29T02:57:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0365"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15571"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A879"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A891"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9196"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000835"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=108058005324316\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=108213710306260\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=ethereal-dev\u0026m=107962966700423\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/11185"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200403-07.xml"
},
{
"type": "WEB",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00013.html"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/124454"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:024"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-136.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-137.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QH9H-C3MP-HXR2
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.
{
"affected": [],
"aliases": [
"CVE-2017-2575"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-22T21:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.",
"id": "GHSA-qh9h-c3mp-hxr2",
"modified": "2022-05-13T01:36:55Z",
"published": "2022-05-13T01:36:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2575"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148857"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2017/q2/100"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97963"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.