Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-QM6P-QF3F-94PQ

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-23 15:30
VLAI
Details

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T16:15:45Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.",
  "id": "GHSA-qm6p-qf3f-94pq",
  "modified": "2025-10-23T15:30:34Z",
  "published": "2025-10-22T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60335"
    },
    {
      "type": "WEB",
      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/TOTOLink/main/CONTENT_LENGTH_MAX.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM72-G7QG-9H32

Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20
VLAI
Details

The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-31T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.",
  "id": "GHSA-qm72-g7qg-9h32",
  "modified": "2022-05-17T02:20:36Z",
  "published": "2022-05-17T02:20:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11550"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/85"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM84-FC6X-GW47

Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: smbus: fix NULL function pointer dereference

Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer.

[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: smbus: fix NULL function pointer dereference\n\nBaruch reported an OOPS when using the designware controller as target\nonly. Target-only modes break the assumption of one transfer function\nalways being available. Fix this by always checking the pointer in\n__i2c_transfer.\n\n[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]",
  "id": "GHSA-qm84-fc6x-gw47",
  "modified": "2026-05-12T12:31:51Z",
  "published": "2024-05-20T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35984"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM87-7CR9-FF26

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-21 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: sf-pdma: Add multithread support for a DMA channel

When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system.

% echo 64 > /sys/module/dmatest/parameters/threads_per_chan % echo 10000 > /sys/module/dmatest/parameters/iterations % echo 1 > /sys/module/dmatest/parameters/run [ 89.480664] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [ 89.488725] Oops [#1] [ 89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 Not tainted 5.17.0-rc5 [ 89.509385] epc : vchan_find_desc+0x32/0x46 [ 89.513553] ra : sf_pdma_tx_status+0xca/0xd6

This happens because of data race. Each thread rewrite channels's descriptor as soon as device_prep_dma_memcpy() is called. It leads to the situation when the driver thinks that it uses right descriptor that actually is freed or substituted for other one.

With current fixes a descriptor changes its value only when it has been used. A new descriptor is acquired from vc->desc_issued queue that is already filled with descriptors that are ready to be sent. Threads have no direct access to DMA channel descriptor. Now it is just possible to queue a descriptor for further processing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: Add multithread support for a DMA channel\n\nWhen we get a DMA channel and try to use it in multiple threads it\nwill cause oops and hanging the system.\n\n% echo 64 \u003e /sys/module/dmatest/parameters/threads_per_chan\n% echo 10000 \u003e /sys/module/dmatest/parameters/iterations\n% echo 1 \u003e /sys/module/dmatest/parameters/run\n[   89.480664] Unable to handle kernel NULL pointer dereference at virtual\n               address 00000000000000a0\n[   89.488725] Oops [#1]\n[   89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 Not tainted\n               5.17.0-rc5\n[   89.509385] epc : vchan_find_desc+0x32/0x46\n[   89.513553]  ra : sf_pdma_tx_status+0xca/0xd6\n\nThis happens because of data race. Each thread rewrite channels\u0027s\ndescriptor as soon as device_prep_dma_memcpy() is called. It leads to the\nsituation when the driver thinks that it uses right descriptor that\nactually is freed or substituted for other one.\n\nWith current fixes a descriptor changes its value only when it has\nbeen used. A new descriptor is acquired from vc-\u003edesc_issued queue that\nis already filled with descriptors that are ready to be sent. Threads\nhave no direct access to DMA channel descriptor. Now it is just possible\nto queue a descriptor for further processing.",
  "id": "GHSA-qm87-7cr9-ff26",
  "modified": "2025-11-21T00:30:18Z",
  "published": "2025-06-18T12:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c7350b1dd8a192af844de32fc99b9e34c876fda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ab2782c944e324008ef5d658f2494a9f0e3c5ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a93b3f1e11971a91b6441b6d47488f4492cc113f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2cc5c465c2cb8ab697c3fd6583c614e3f6cfbcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9b4992f897be9b0b9e3a3b956cab6b75ccc3f11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM9X-FRX6-XCV6

Vulnerability from github – Published: 2026-06-03 18:33 – Updated: 2026-06-09 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068 [ 0.740737] ... [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes.

At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev.

Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-03T18:16:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree\n\nWhen probing the k230 pinctrl driver, the kernel triggers a NULL pointer\ndereference. The crash trace showed:\n[    0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068\n[    0.740737] ...\n[    0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc\n\nIn k230_pinctrl_parse_functions(), we attempt to retrieve the device\npointer via info-\u003epctl_dev-\u003edev, but info-\u003epctl_dev is only initialized\nafter k230_pinctrl_parse_dt() completes.\n\nAt the time of DT parsing, info-\u003epctl_dev is still NULL, leading to\nthe invalid dereference of info-\u003epctl_dev-\u003edev.\n\nUse the already available device pointer from platform_device\ninstead of accessing through uninitialized pctl_dev.",
  "id": "GHSA-qm9x-frx6-xcv6",
  "modified": "2026-06-09T21:32:21Z",
  "published": "2026-06-03T18:33:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46269"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d0d361f4dbc2bb2003594f84e4b101fc6b508c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c7d637bfc3dfbd6471c68bd767f7eb8b5b09eba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8c128fb6c2277d95f3f6a4ce28b82c8370031f6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMHV-3RQ4-CPJP

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00
VLAI
Details

Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qmhv-3rq4-cpjp",
  "modified": "2022-03-17T00:00:35Z",
  "published": "2022-03-17T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40750"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMPJ-VX37-329M

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-27T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "It was found that the Linux kernel\u0027s Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.",
  "id": "GHSA-qmpj-vx37-329m",
  "modified": "2022-05-13T01:36:52Z",
  "published": "2022-05-13T01:36:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2634"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:0323"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:0346"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:0347"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2017-2634"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424751"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96529"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037909"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMPX-WCM9-R94F

Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-25 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list

In shrink_folio_list(), the hwpoisoned folio may be large folio, which can't be handled by unmap_poisoned_folio(). For THP, try_to_unmap_one() must be passed with TTU_SPLIT_HUGE_PMD to split huge PMD first and then retry. Without TTU_SPLIT_HUGE_PMD, we will trigger null-ptr deref of pvmw.pte. Even we passed TTU_SPLIT_HUGE_PMD, we will trigger a WARN_ON_ONCE due to the page isn't in swapcache.

Since UCE is rare in real world, and race with reclaimation is more rare, just skipping the hwpoisoned large folio is enough. memory_failure() will handle it if the UCE is triggered again.

This happens when memory reclaim for large folio races with memory_failure(), and will lead to kernel panic. The race is as follows:

cpu0 cpu1 shrink_folio_list memory_failure TestSetPageHWPoison unmap_poisoned_folio --> trigger BUG_ON due to unmap_poisoned_folio couldn't handle large folio

[tujinjiang@huawei.com: add comment to unmap_poisoned_folio()]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list\n\nIn shrink_folio_list(), the hwpoisoned folio may be large folio, which\ncan\u0027t be handled by unmap_poisoned_folio().  For THP, try_to_unmap_one()\nmust be passed with TTU_SPLIT_HUGE_PMD to split huge PMD first and then\nretry.  Without TTU_SPLIT_HUGE_PMD, we will trigger null-ptr deref of\npvmw.pte.  Even we passed TTU_SPLIT_HUGE_PMD, we will trigger a\nWARN_ON_ONCE due to the page isn\u0027t in swapcache.\n\nSince UCE is rare in real world, and race with reclaimation is more rare,\njust skipping the hwpoisoned large folio is enough.  memory_failure() will\nhandle it if the UCE is triggered again.\n\nThis happens when memory reclaim for large folio races with\nmemory_failure(), and will lead to kernel panic.  The race is as\nfollows:\n\ncpu0      cpu1\n shrink_folio_list memory_failure\n  TestSetPageHWPoison\n  unmap_poisoned_folio\n  --\u003e trigger BUG_ON due to\n  unmap_poisoned_folio couldn\u0027t\n   handle large folio\n\n[tujinjiang@huawei.com: add comment to unmap_poisoned_folio()]",
  "id": "GHSA-qmpx-wcm9-r94f",
  "modified": "2025-11-25T21:32:04Z",
  "published": "2025-09-05T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39725"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/656eaddbc952e1baae2f69281c22debe22140312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f1e8cd0b7c4c944e9921b52a6661b5eda2705ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1101113d45838a823188ae25c61af97552a28ae"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMR3-6JFH-4H6M

Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2022-05-14 01:00
VLAI
Details

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-15T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.",
  "id": "GHSA-qmr3-6jfh-4h6m",
  "modified": "2022-05-14T01:00:17Z",
  "published": "2022-05-14T01:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8357"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/sox/bugs/318"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4079-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4079-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMWH-43GH-R2CG

Vulnerability from github – Published: 2022-05-14 01:13 – Updated: 2022-05-14 01:13
VLAI
Details

A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-03T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.",
  "id": "GHSA-qmwh-43gh-r2cg",
  "modified": "2022-05-14T01:13:34Z",
  "published": "2022-05-14T01:13:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4276"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT208937"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.