Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-RCR7-P7PF-H84M

Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12
VLAI
Details

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-03T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.",
  "id": "GHSA-rcr7-p7pf-h84m",
  "modified": "2022-05-17T00:12:00Z",
  "published": "2022-05-17T00:12:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8820"
    },
    {
      "type": "WEB",
      "url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516"
    },
    {
      "type": "WEB",
      "url": "https://bugs.torproject.org/24245"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4054"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCRX-FPJP-MFRW

Vulnerability from github – Published: 2022-11-02 18:10 – Updated: 2022-11-02 18:10
VLAI
Summary
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Details

Impact

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.

Patches

It has been patched in 2.6.0 for muhammara and not at all for hummus

Workarounds

Do not process files from untrusted sources

References

PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293

Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892

The difference is one is in src/deps/PDFWriter/PDFParser.cpp and the other is PDFDocumentHandler.cpp both is a null pointer but for different cases These are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "hummus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.111"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-02T18:10:47Z",
    "nvd_published_at": "2022-11-02T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.\n\n### Patches\nIt has been patched in 2.6.0 for muhammara and not at all for hummus\n\n### Workarounds\nDo not process files from untrusted sources\n\n### References\nPR: https://github.com/julianhille/MuhammaraJS/pull/194\nIssue: https://github.com/julianhille/MuhammaraJS/issues/191\nIssue in hummus: https://github.com/galkahana/HummusJS/issues/293\n\n### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892\n\nThe difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee7596457b1ef2) both is a null pointer but for different cases\nThese are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent. ",
  "id": "GHSA-rcrx-fpjp-mfrw",
  "modified": "2022-11-02T18:10:47Z",
  "published": "2022-11-02T18:10:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/issues/293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/issues/191"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/pull/194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julianhille/MuhammaraJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp"
}

GHSA-RF35-PM73-38Q6

Vulnerability from github – Published: 2022-05-14 03:05 – Updated: 2024-03-14 21:30
VLAI
Details

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-04T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
  "id": "GHSA-rf35-pm73-38q6",
  "modified": "2024-03-14T21:30:50Z",
  "published": "2022-05-14T03:05:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16532"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3754-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF4M-3J8Q-VC2W

Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-17 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: debugfs hang_hws skip GPU with MES

debugfs hang_hws is used by GPU reset test with HWS, for MES this crash the kernel with NULL pointer access because dqm->packet_mgr is not setup for MES path.

Skip GPU with MES for now, MES hang_hws debugfs interface will be supported later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: debugfs hang_hws skip GPU with MES\n\ndebugfs hang_hws is used by GPU reset test with HWS, for MES this crash\nthe kernel with NULL pointer access because dqm-\u003epacket_mgr is not setup\nfor MES path.\n\nSkip GPU with MES for now, MES hang_hws debugfs interface will be\nsupported later.",
  "id": "GHSA-rf4m-3j8q-vc2w",
  "modified": "2025-11-17T15:30:31Z",
  "published": "2025-05-09T09:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37853"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a322b330dc0b775d1d7a84e55c752d9451bfe7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24b9e0e2e6147314c22d821f0542c4dd9a320c40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a36f8d544522a19ef06ed9e84667d154dcb6be52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f84c57906f0fd2185e557d2552b20aa8430a4677"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe9d0061c413f8fb8c529b18b592b04170850ded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF58-PP6R-5653

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

gso: fix udp gso fraglist segmentation after pull from frag_list

Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly.

Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size

Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants.

In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest.

Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: fix udp gso fraglist segmentation after pull from frag_list\n\nDetect gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For UDP, this\ncauses a NULL ptr deref in __udpv4_gso_segment_list_csum at\nudp_hdr(seg-\u003enext)-\u003edest.\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon\u0027t just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment.",
  "id": "GHSA-rf58-pp6r-5653",
  "modified": "2025-11-04T00:31:44Z",
  "published": "2024-10-21T18:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49978"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF73-69VR-QXGJ

Vulnerability from github – Published: 2025-03-03 21:30 – Updated: 2025-03-03 21:30
VLAI
Details

A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T19:15:34Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-rf73-69vr-qxgj",
  "modified": "2025-03-03T21:30:59Z",
  "published": "2025-03-03T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1877"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298191"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298191"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.506526"
    },
    {
      "type": "WEB",
      "url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-pure_auth_check-Vulnerability-1a5b2f2a63618013a1fecb743f2d0667"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RF84-F276-HXMW

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix file-backed mounts over FUSE

syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625

Unlike most filesystems, some network filesystems and FUSE need unavoidable valid file pointers for their read I/Os [1]. Anyway, those use cases need to be supported too.

[1] https://docs.kernel.org/filesystems/vfs.html

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix file-backed mounts over FUSE\n\nsyzbot reported a null-ptr-deref in fuse_read_args_fill:\n fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905\n filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367\n do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825\n read_mapping_folio include/linux/pagemap.h:1011 [inline]\n erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41\n erofs_read_superblock fs/erofs/super.c:281 [inline]\n erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625\n\nUnlike most filesystems, some network filesystems and FUSE need\nunavoidable valid `file` pointers for their read I/Os [1].\nAnyway, those use cases need to be supported too.\n\n[1] https://docs.kernel.org/filesystems/vfs.html",
  "id": "GHSA-rf84-f276-hxmw",
  "modified": "2025-01-07T18:30:48Z",
  "published": "2024-12-27T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF85-MCVW-MW7J

Vulnerability from github – Published: 2025-03-03 18:31 – Updated: 2025-03-05 15:30
VLAI
Details

Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T17:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.",
  "id": "GHSA-rf85-mcvw-mw7j",
  "modified": "2025-03-05T15:30:52Z",
  "published": "2025-03-03T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0287"
    },
    {
      "type": "WEB",
      "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/726882"
    },
    {
      "type": "WEB",
      "url": "https://www.paragon-software.com/support/#patches"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF8C-7G59-3M3M

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20
VLAI
Details

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-04T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"",
  "id": "GHSA-rf8c-7g59-3m3m",
  "modified": "2022-05-03T03:20:27Z",
  "published": "2022-05-03T03:20:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1387"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
    },
    {
      "type": "WEB",
      "url": "http://cvs.openssl.org/chngview?cn=17958"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1838\u0026user=guest\u0026pass=guest"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "type": "WEB",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RF9P-3VX3-92RP

Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-13 18:31
VLAI
Details

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial-of-service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T19:15:37Z",
    "severity": "HIGH"
  },
  "details": "A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial-of-service.",
  "id": "GHSA-rf9p-3vx3-92rp",
  "modified": "2025-11-13T18:31:03Z",
  "published": "2025-11-12T21:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63929"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airpig2011/IEC104/issues/21"
    },
    {
      "type": "WEB",
      "url": "https://songsong.host/mybugs/CVE-2025-63929.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.