CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-RCR7-P7PF-H84M
Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
{
"affected": [],
"aliases": [
"CVE-2017-8820"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-03T07:29:00Z",
"severity": "HIGH"
},
"details": "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.",
"id": "GHSA-rcr7-p7pf-h84m",
"modified": "2022-05-17T00:12:00Z",
"published": "2022-05-17T00:12:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8820"
},
{
"type": "WEB",
"url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516"
},
{
"type": "WEB",
"url": "https://bugs.torproject.org/24245"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4054"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCRX-FPJP-MFRW
Vulnerability from github – Published: 2022-11-02 18:10 – Updated: 2022-11-02 18:10Impact
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.
Patches
It has been patched in 2.6.0 for muhammara and not at all for hummus
Workarounds
Do not process files from untrusted sources
References
PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293
Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892
The difference is one is in src/deps/PDFWriter/PDFParser.cpp and the other is PDFDocumentHandler.cpp both is a null pointer but for different cases These are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "hummus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.111"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39381"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-690"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-02T18:10:47Z",
"nvd_published_at": "2022-11-02T15:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.\n\n### Patches\nIt has been patched in 2.6.0 for muhammara and not at all for hummus\n\n### Workarounds\nDo not process files from untrusted sources\n\n### References\nPR: https://github.com/julianhille/MuhammaraJS/pull/194\nIssue: https://github.com/julianhille/MuhammaraJS/issues/191\nIssue in hummus: https://github.com/galkahana/HummusJS/issues/293\n\n### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892\n\nThe difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee7596457b1ef2) both is a null pointer but for different cases\nThese are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent. ",
"id": "GHSA-rcrx-fpjp-mfrw",
"modified": "2022-11-02T18:10:47Z",
"published": "2022-11-02T18:10:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/issues/293"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/issues/191"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/pull/194"
},
{
"type": "WEB",
"url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp"
}
GHSA-RF35-PM73-38Q6
Vulnerability from github – Published: 2022-05-14 03:05 – Updated: 2024-03-14 21:30The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
{
"affected": [],
"aliases": [
"CVE-2017-16532"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-04T01:29:00Z",
"severity": "HIGH"
},
"details": "The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"id": "GHSA-rf35-pm73-38q6",
"modified": "2024-03-14T21:30:50Z",
"published": "2022-05-14T03:05:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16532"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3754-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF4M-3J8Q-VC2W
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-17 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: debugfs hang_hws skip GPU with MES
debugfs hang_hws is used by GPU reset test with HWS, for MES this crash the kernel with NULL pointer access because dqm->packet_mgr is not setup for MES path.
Skip GPU with MES for now, MES hang_hws debugfs interface will be supported later.
{
"affected": [],
"aliases": [
"CVE-2025-37853"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: debugfs hang_hws skip GPU with MES\n\ndebugfs hang_hws is used by GPU reset test with HWS, for MES this crash\nthe kernel with NULL pointer access because dqm-\u003epacket_mgr is not setup\nfor MES path.\n\nSkip GPU with MES for now, MES hang_hws debugfs interface will be\nsupported later.",
"id": "GHSA-rf4m-3j8q-vc2w",
"modified": "2025-11-17T15:30:31Z",
"published": "2025-05-09T09:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37853"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a322b330dc0b775d1d7a84e55c752d9451bfe7d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24b9e0e2e6147314c22d821f0542c4dd9a320c40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a36f8d544522a19ef06ed9e84667d154dcb6be52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f84c57906f0fd2185e557d2552b20aa8430a4677"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe9d0061c413f8fb8c529b18b592b04170850ded"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF58-PP6R-5653
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest.
Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.
{
"affected": [],
"aliases": [
"CVE-2024-49978"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: fix udp gso fraglist segmentation after pull from frag_list\n\nDetect gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For UDP, this\ncauses a NULL ptr deref in __udpv4_gso_segment_list_csum at\nudp_hdr(seg-\u003enext)-\u003edest.\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon\u0027t just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment.",
"id": "GHSA-rf58-pp6r-5653",
"modified": "2025-11-04T00:31:44Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49978"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF73-69VR-QXGJ
Vulnerability from github – Published: 2025-03-03 21:30 – Updated: 2025-03-03 21:30A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2025-1877"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T19:15:34Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-rf73-69vr-qxgj",
"modified": "2025-03-03T21:30:59Z",
"published": "2025-03-03T21:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1877"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.298191"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.298191"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.506526"
},
{
"type": "WEB",
"url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-pure_auth_check-Vulnerability-1a5b2f2a63618013a1fecb743f2d0667"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RF84-F276-HXMW
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
erofs: fix file-backed mounts over FUSE
syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625
Unlike most filesystems, some network filesystems and FUSE need
unavoidable valid file pointers for their read I/Os [1].
Anyway, those use cases need to be supported too.
[1] https://docs.kernel.org/filesystems/vfs.html
{
"affected": [],
"aliases": [
"CVE-2024-53235"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix file-backed mounts over FUSE\n\nsyzbot reported a null-ptr-deref in fuse_read_args_fill:\n fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905\n filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367\n do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825\n read_mapping_folio include/linux/pagemap.h:1011 [inline]\n erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41\n erofs_read_superblock fs/erofs/super.c:281 [inline]\n erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625\n\nUnlike most filesystems, some network filesystems and FUSE need\nunavoidable valid `file` pointers for their read I/Os [1].\nAnyway, those use cases need to be supported too.\n\n[1] https://docs.kernel.org/filesystems/vfs.html",
"id": "GHSA-rf84-f276-hxmw",
"modified": "2025-01-07T18:30:48Z",
"published": "2024-12-27T15:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF85-MCVW-MW7J
Vulnerability from github – Published: 2025-03-03 18:31 – Updated: 2025-03-05 15:30Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2025-0287"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T17:15:13Z",
"severity": "MODERATE"
},
"details": "Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.",
"id": "GHSA-rf85-mcvw-mw7j",
"modified": "2025-03-05T15:30:52Z",
"published": "2025-03-03T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0287"
},
{
"type": "WEB",
"url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/726882"
},
{
"type": "WEB",
"url": "https://www.paragon-software.com/support/#patches"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RF8C-7G59-3M3M
Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
{
"affected": [],
"aliases": [
"CVE-2009-1387"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-04T16:30:00Z",
"severity": "MODERATE"
},
"details": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"",
"id": "GHSA-rf8c-7g59-3m3m",
"modified": "2022-05-03T03:20:27Z",
"published": "2022-05-03T03:20:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1387"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
},
{
"type": "WEB",
"url": "http://cvs.openssl.org/chngview?cn=17958"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"type": "WEB",
"url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35571"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35729"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36533"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37003"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38794"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38834"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"type": "WEB",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
},
{
"type": "WEB",
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-792-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RF9P-3VX3-92RP
Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-13 18:31A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2025-63929"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-12T19:15:37Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial-of-service.",
"id": "GHSA-rf9p-3vx3-92rp",
"modified": "2025-11-13T18:31:03Z",
"published": "2025-11-12T21:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63929"
},
{
"type": "WEB",
"url": "https://github.com/airpig2011/IEC104/issues/21"
},
{
"type": "WEB",
"url": "https://songsong.host/mybugs/CVE-2025-63929.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.