Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-QGQH-PHJ7-7FM4

Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54
VLAI
Details

The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-22T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.",
  "id": "GHSA-qgqh-phj7-7fm4",
  "modified": "2022-05-14T00:54:10Z",
  "published": "2022-05-14T00:54:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igraph/igraph/issues/1141"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCGDUNQYLSZLSGN6JJBORVFW46U3A75Y"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWCGXEINKJM3JQUPVCSN4RBTRKWBTYI7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGR6-HGC6-QM52

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check stream before comparing them

[WHAT & HOW] amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is necessary to check for null before dereferencing them.

This fixes 1 FORWARD_NULL issue reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT \u0026 HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
  "id": "GHSA-qgr6-hgc6-qm52",
  "modified": "2025-11-04T00:31:41Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0167d570f6a0b38689c4a0e50bf79c518d827500"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14db8692afe1aa2143b673856bb603713d8ea93f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35ff747c86767937ee1e0ca987545b7eed7a0810"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3944d226f55235a960d8f1135927f95e9801be12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42d31a33643813cce55ee1ebbad3a2d0d24a08e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/471c53350ab83e47a2a117c2738ce0363785976e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b4b13e678b15975055f4ff1ce4cf0ce4c19b6c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e41a291e1bef1153bba091b6580ecc7affc53c82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8da54b7f8a17e44e67ea6d1037f35450af28115"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGVQ-JR42-R2GX

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-07-03 18:42
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: psi: Add check for kstrdup

Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: psi: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
  "id": "GHSA-qgvq-jr42-r2gx",
  "modified": "2024-07-03T18:42:57Z",
  "published": "2024-05-21T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3387490c89b10aeb4e71d78b65dbc9ba4b2385b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c26aae3723965c291c65dd2ecad6a3240d422b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cfcc8de7d733a1137b86954cc28ce99972311ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76a2c5df6ca8bd8ada45e953b8c72b746f42918d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a51335704a3f90eaf23a6864faefca34b382490a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d17269fb9161995303985ab2fe6f16cfb72152f9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGWH-9J3V-M669

Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-05-29 15:31
VLAI
Details

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T15:15:29Z",
    "severity": "MODERATE"
  },
  "details": "yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.",
  "id": "GHSA-qgwh-9j3v-m669",
  "modified": "2025-05-29T15:31:09Z",
  "published": "2025-05-29T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22653"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/247"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/TimChan2001/03e5792b15d0a34bfaad970e37c17660"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH32-6JJC-QPRM

Vulnerability from github – Published: 2020-09-25 18:28 – Updated: 2024-10-28 14:48
VLAI
Summary
Null pointer dereference in tensorflow-lite
Details

Impact

A crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with nullptr: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L1224-L1227

However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.

Patches

We have patched the issue in 0b5662bc and will release patch releases for all versions between 1.15 and 2.3.

We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360 but was also discovered through variant analysis of GHSA-cvpc-8phh-8f45.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.2.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.2.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.2.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.3.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-09-25T18:13:03Z",
    "nvd_published_at": "2020-09-25T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/core/subgraph.cc#L1224-L1227\n\nHowever, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference.\n\n### Patches\nWe have patched the issue in 0b5662bc and will release patch releases for all versions between 1.15 and 2.3.\n\nWe recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360 but was also discovered through variant analysis of [GHSA-cvpc-8phh-8f45](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45).",
  "id": "GHSA-qh32-6jjc-qprm",
  "modified": "2024-10-28T14:48:11Z",
  "published": "2020-09-25T18:28:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-289.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-324.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-132.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Null pointer dereference in tensorflow-lite"
}

GHSA-QH39-HPR9-W6QX

Vulnerability from github – Published: 2022-01-15 00:00 – Updated: 2022-01-23 00:00
VLAI
Details

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.",
  "id": "GHSA-qh39-hpr9-w6qx",
  "modified": "2022-01-23T00:00:30Z",
  "published": "2022-01-15T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45773"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mz-automation/lib60870/issues/100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QH3F-H76C-JRF5

Vulnerability from github – Published: 2022-05-14 01:33 – Updated: 2022-05-14 01:33
VLAI
Details

An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-17T02:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
  "id": "GHSA-qh3f-h76c-jrf5",
  "modified": "2022-05-14T01:33:34Z",
  "published": "2022-05-14T01:33:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8382"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/364"
    },
    {
      "type": "WEB",
      "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH3P-3V24-8CRJ

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: mtk-pmic-keys - fix possible null pointer dereference

In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer.

Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T17:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: mtk-pmic-keys - fix possible null pointer dereference\n\nIn mtk_pmic_keys_probe, the regs parameter is only set if the button is\nparsed in the device tree. However, on hardware where the button is left\nfloating, that node will most likely be removed not to enable that\ninput. In that case the code will try to dereference a null pointer.\n\nLet\u0027s use the regs struct instead as it is defined for all supported\nplatforms. Note that it is ok setting the key reg even if that latter is\ndisabled as the interrupt won\u0027t be enabled anyway.",
  "id": "GHSA-qh3p-3v24-8crj",
  "modified": "2026-07-14T15:31:22Z",
  "published": "2025-05-20T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37972"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH89-23Q7-9296

Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2023-12-28 18:30
VLAI
Details

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-0365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-05-04T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.",
  "id": "GHSA-qh89-23q7-9296",
  "modified": "2023-12-28T18:30:27Z",
  "published": "2022-04-29T02:57:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0365"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15571"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A879"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A891"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9196"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000835"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108058005324316\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108213710306260\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=ethereal-dev\u0026m=107962966700423\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/11185"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200403-07.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.ethereal.com/appnotes/enpa-sa-00013.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/124454"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:024"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-136.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-137.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH9H-C3MP-HXR2

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-22T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.",
  "id": "GHSA-qh9h-c3mp-hxr2",
  "modified": "2022-05-13T01:36:55Z",
  "published": "2022-05-13T01:36:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2575"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148857"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2017/q2/100"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.