CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-R633-2867-CRC8
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
net: hso: fix null-ptr-deref during tty device unregistration
Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref.
The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number.
Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call.
{
"affected": [],
"aliases": [
"CVE-2021-46904"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix null-ptr-deref during tty device unregistration\n\nMultiple ttys try to claim the same the minor number causing a double\nunregistration of the same device. The first unregistration succeeds\nbut the next one results in a null-ptr-deref.\n\nThe get_free_serial_index() function returns an available minor number\nbut doesn\u0027t assign it immediately. The assignment is done by the caller\nlater. But before this assignment, calls to get_free_serial_index()\nwould return the same minor number.\n\nFix this by modifying get_free_serial_index to assign the minor number\nimmediately after one is found to be and rename it to obtain_minor()\nto better reflect what it does. Similary, rename set_serial_by_index()\nto release_minor() and modify it to free up the minor number of the\ngiven hso_serial. Every obtain_minor() should have corresponding\nrelease_minor() call.",
"id": "GHSA-r633-2867-crc8",
"modified": "2024-04-17T21:30:45Z",
"published": "2024-02-26T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R659-6FH2-V3GV
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
{
"affected": [],
"aliases": [
"CVE-2021-3119"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T23:15:00Z",
"severity": "HIGH"
},
"details": "Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.",
"id": "GHSA-r659-6fh2-v3gv",
"modified": "2022-05-24T17:45:35Z",
"published": "2022-05-24T17:45:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3119"
},
{
"type": "WEB",
"url": "https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4"
},
{
"type": "WEB",
"url": "https://www.telekom.com/resource/blob/621186/3fb50ca7a4a97728be18717ed7b0062c/dl-210308-critical-dos-vulnerability-in-sqlcipher-sql-command-processing-data.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R65M-837P-745W
Vulnerability from github – Published: 2022-05-14 03:24 – Updated: 2022-05-14 03:24In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2015-9145"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference.",
"id": "GHSA-r65m-837p-745w",
"modified": "2022-05-14T03:24:49Z",
"published": "2022-05-14T03:24:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9145"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R65X-4XHJ-7G65
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
serial: core: Clearing the circular buffer before NULLifying it
The circular buffer is NULLified in uart_tty_port_shutdown() under the spin lock. However, the PM or other timer based callbacks may still trigger after this event without knowning that buffer pointer is not valid. Since the serial code is a bit inconsistent in checking the buffer state (some rely on the head-tail positions, some on the buffer pointer), it's better to have both aligned, i.e. buffer pointer to be NULL and head-tail possitions to be the same, meaning it's empty. This will prevent asynchronous calls to dereference NULL pointer as reported recently in 8250 case:
BUG: kernel NULL pointer dereference, address: 00000cf5 Workqueue: pm pm_runtime_work EIP: serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809) ... ? serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809) __start_tx (drivers/tty/serial/8250/8250_port.c:1551) serial8250_start_tx (drivers/tty/serial/8250/8250_port.c:1654) serial_port_runtime_suspend (include/linux/serial_core.h:667 drivers/tty/serial/serial_port.c:63) __rpm_callback (drivers/base/power/runtime.c:393) ? serial_port_remove (drivers/tty/serial/serial_port.c:50) rpm_suspend (drivers/base/power/runtime.c:447)
The proposed change will prevent ->start_tx() to be called during suspend on shut down port.
{
"affected": [],
"aliases": [
"CVE-2024-26998"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: Clearing the circular buffer before NULLifying it\n\nThe circular buffer is NULLified in uart_tty_port_shutdown()\nunder the spin lock. However, the PM or other timer based callbacks\nmay still trigger after this event without knowning that buffer pointer\nis not valid. Since the serial code is a bit inconsistent in checking\nthe buffer state (some rely on the head-tail positions, some on the\nbuffer pointer), it\u0027s better to have both aligned, i.e. buffer pointer\nto be NULL and head-tail possitions to be the same, meaning it\u0027s empty.\nThis will prevent asynchronous calls to dereference NULL pointer as\nreported recently in 8250 case:\n\n BUG: kernel NULL pointer dereference, address: 00000cf5\n Workqueue: pm pm_runtime_work\n EIP: serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809)\n ...\n ? serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809)\n __start_tx (drivers/tty/serial/8250/8250_port.c:1551)\n serial8250_start_tx (drivers/tty/serial/8250/8250_port.c:1654)\n serial_port_runtime_suspend (include/linux/serial_core.h:667 drivers/tty/serial/serial_port.c:63)\n __rpm_callback (drivers/base/power/runtime.c:393)\n ? serial_port_remove (drivers/tty/serial/serial_port.c:50)\n rpm_suspend (drivers/base/power/runtime.c:447)\n\nThe proposed change will prevent -\u003estart_tx() to be called during\nsuspend on shut down port.",
"id": "GHSA-r65x-4xhj-7g65",
"modified": "2024-12-23T21:30:50Z",
"published": "2024-05-01T06:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26998"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ae7104d54342433a3a73975f6569beefdd86350"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cf7ea2eeb745213dc2a04103e426b960e807940"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb1118905e875c111d7ccef9aee86ac5e4e7f985"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6FW-8V76-P9QQ
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2026-42903"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:09Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.",
"id": "GHSA-r6fw-8v76-p9qq",
"modified": "2026-06-09T18:30:44Z",
"published": "2026-06-09T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42903"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6JQ-J675-MX68
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
{
"affected": [],
"aliases": [
"CVE-2024-35215"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:05Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.",
"id": "GHSA-r6jq-j675-mx68",
"modified": "2024-10-08T18:33:14Z",
"published": "2024-10-08T18:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35215"
},
{
"type": "WEB",
"url": "https://support.blackberry.com/pkb/s/article/140162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6PG-PJWC-J585
Vulnerability from github – Published: 2021-05-21 14:25 – Updated: 2024-11-01 17:03Impact
An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows:
import tensorflow as tf
indices = tf.constant([], shape=[0, 0], dtype=tf.int64)
values = tf.constant([], shape=[0], dtype=tf.int64)
dense_shape = tf.constant([], shape=[0], dtype=tf.int64)
default_value = 0
tf.raw_ops.SparseFillEmptyRows(
indices=indices, values=values, dense_shape=dense_shape,
default_value=default_value)
This is because of missing validation that was covered under a TODO. If the dense_shape tensor is empty, then dense_shape_t.vec<>() would cause a null pointer dereference in the implementation of the op:
template <typename T, typename Tindex>
struct SparseFillEmptyRows<CPUDevice, T, Tindex> {
Status operator()(OpKernelContext* context, const Tensor& default_value_t,
const Tensor& indices_t, const Tensor& values_t,
const Tensor& dense_shape_t,
typename AsyncOpKernel::DoneCallback done) {
...
const auto dense_shape = dense_shape_t.vec<Tindex>();
...
}
}
Patches
We have patched the issue in GitHub commit faa76f39014ed3b5e2c158593b1335522e573c7f.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29565"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T19:34:50Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`:\n\n```python\nimport tensorflow as tf\n\nindices = tf.constant([], shape=[0, 0], dtype=tf.int64)\nvalues = tf.constant([], shape=[0], dtype=tf.int64)\ndense_shape = tf.constant([], shape=[0], dtype=tf.int64)\ndefault_value = 0\n \ntf.raw_ops.SparseFillEmptyRows(\n indices=indices, values=values, dense_shape=dense_shape,\n default_value=default_value)\n```\n\nThis is because of missing [validation](https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec\u003c\u003e()` would cause a null pointer dereference in the implementation of the op:\n\n```cc\ntemplate \u003ctypename T, typename Tindex\u003e\nstruct SparseFillEmptyRows\u003cCPUDevice, T, Tindex\u003e {\n Status operator()(OpKernelContext* context, const Tensor\u0026 default_value_t,\n const Tensor\u0026 indices_t, const Tensor\u0026 values_t,\n const Tensor\u0026 dense_shape_t,\n typename AsyncOpKernel::DoneCallback done) {\n ...\n const auto dense_shape = dense_shape_t.vec\u003cTindex\u003e();\n ... \n }\n}\n``` \n\n### Patches\nWe have patched the issue in GitHub commit [faa76f39014ed3b5e2c158593b1335522e573c7f](https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7f).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
"id": "GHSA-r6pg-pjwc-j585",
"modified": "2024-11-01T17:03:07Z",
"published": "2021-05-21T14:25:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29565"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7f"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-493.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-691.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-202.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Null pointer dereference in `SparseFillEmptyRows`"
}
GHSA-R6X3-RV9G-7PFH
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-7452"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-06T00:59:00Z",
"severity": "MODERATE"
},
"details": "The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"id": "GHSA-r6x3-rv9g-7pfh",
"modified": "2022-05-13T01:54:11Z",
"published": "2022-05-13T01:54:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7452"
},
{
"type": "WEB",
"url": "https://github.com/jsummers/imageworsener/issues/8"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201706-06"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97496"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6XP-8QHF-G8WC
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-02-01 00:30An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-32280"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-r6xp-8qhf-g8wc",
"modified": "2023-02-01T00:30:29Z",
"published": "2022-05-24T19:15:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32280"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00044.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/mcj/tickets/107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R744-R36F-363J
Vulnerability from github – Published: 2022-01-18 00:00 – Updated: 2022-01-25 00:02mruby is vulnerable to NULL Pointer Dereference
{
"affected": [],
"aliases": [
"CVE-2022-0240"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-17T14:15:00Z",
"severity": "HIGH"
},
"details": "mruby is vulnerable to NULL Pointer Dereference",
"id": "GHSA-r744-r36f-363j",
"modified": "2022-01-25T00:02:41Z",
"published": "2022-01-18T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0240"
},
{
"type": "WEB",
"url": "https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.