CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-VJ6W-P4M3-PJ3W
Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2022-05-14 01:06There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
{
"affected": [],
"aliases": [
"CVE-2018-10768"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-06T23:29:00Z",
"severity": "MODERATE"
},
"details": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.",
"id": "GHSA-vj6w-p4m3-pj3w",
"modified": "2022-05-14T01:06:51Z",
"published": "2022-05-14T01:06:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10768"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=106408"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3647-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJ77-7VG3-HGXM
Vulnerability from github – Published: 2026-06-10 06:30 – Updated: 2026-06-17 18:35A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later
{
"affected": [],
"aliases": [
"CVE-2026-22899"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T04:17:16Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later",
"id": "GHSA-vj77-7vg3-hgxm",
"modified": "2026-06-17T18:35:20Z",
"published": "2026-06-10T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22899"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-26-10"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-26-19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VJ7W-CQ55-7H2M
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-10-29 21:30In the Linux kernel, the following vulnerability has been resolved:
arm64: extable: fix load_unaligned_zeropad() reg indices
In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain EX_TYPE_LOAD_UNALIGNED_ZEROPAD (i.e. 4): * We'll always treat X0 as the address register, since EX_DATA_REG_ADDR is extracted from bits [9:5]. Thus, we may attempt to dereference an arbitrary address as X0 may hold an arbitrary value. * We'll always treat X4 as the data register, since EX_DATA_REG_DATA is extracted from bits [4:0]. Thus we will corrupt X4 and cause arbitrary behaviour within load_unaligned_zeropad() and its caller.
Fix this by extracting both values from ex->data as originally intended.
On an MTE-enabled QEMU image we are hitting the following crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: fixup_exception+0xc4/0x108 __do_kernel_fault+0x3c/0x268 do_tag_check_fault+0x3c/0x104 do_mem_abort+0x44/0xf4 el1_abort+0x40/0x64 el1h_64_sync_handler+0x60/0xa0 el1h_64_sync+0x7c/0x80 link_path_walk+0x150/0x344 path_openat+0xa0/0x7dc do_filp_open+0xb8/0x168 do_sys_openat2+0x88/0x17c __arm64_sys_openat+0x74/0xa0 invoke_syscall+0x48/0x148 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0x88 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 Code: f8695a69 71007d1f 540000e0 927df12a (f940014a)
{
"affected": [],
"aliases": [
"CVE-2022-48762"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: extable: fix load_unaligned_zeropad() reg indices\n\nIn ex_handler_load_unaligned_zeropad() we erroneously extract the data and\naddr register indices from ex-\u003etype rather than ex-\u003edata. As ex-\u003etype will\ncontain EX_TYPE_LOAD_UNALIGNED_ZEROPAD (i.e. 4):\n * We\u0027ll always treat X0 as the address register, since EX_DATA_REG_ADDR is\n extracted from bits [9:5]. Thus, we may attempt to dereference an\n arbitrary address as X0 may hold an arbitrary value.\n * We\u0027ll always treat X4 as the data register, since EX_DATA_REG_DATA is\n extracted from bits [4:0]. Thus we will corrupt X4 and cause arbitrary\n behaviour within load_unaligned_zeropad() and its caller.\n\nFix this by extracting both values from ex-\u003edata as originally intended.\n\nOn an MTE-enabled QEMU image we are hitting the following crash:\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Call trace:\n fixup_exception+0xc4/0x108\n __do_kernel_fault+0x3c/0x268\n do_tag_check_fault+0x3c/0x104\n do_mem_abort+0x44/0xf4\n el1_abort+0x40/0x64\n el1h_64_sync_handler+0x60/0xa0\n el1h_64_sync+0x7c/0x80\n link_path_walk+0x150/0x344\n path_openat+0xa0/0x7dc\n do_filp_open+0xb8/0x168\n do_sys_openat2+0x88/0x17c\n __arm64_sys_openat+0x74/0xa0\n invoke_syscall+0x48/0x148\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0x88\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n el0t_64_sync+0x1b4/0x1b8\n Code: f8695a69 71007d1f 540000e0 927df12a (f940014a)",
"id": "GHSA-vj7w-cq55-7h2m",
"modified": "2024-10-29T21:30:47Z",
"published": "2024-06-20T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48762"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3758a6c74e08bdc15ccccd6872a6ad37d165239a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47fe7a1c5e3e011eeb4ab79f2d54a794fdd1c3eb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJ86-92J3-RR4C
Vulnerability from github – Published: 2022-05-02 03:29 – Updated: 2022-05-02 03:29The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2009-1902"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-03T17:00:00Z",
"severity": "MODERATE"
},
"details": "The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.",
"id": "GHSA-vj86-92j3-rr4c",
"modified": "2022-05-02T03:29:43Z",
"published": "2022-05-02T03:29:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1902"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49212"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/8241"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34256"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34311"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35687"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200907-02.xml"
},
{
"type": "WEB",
"url": "http://sourceforge.net/project/shownotes.php?release_id=667542\u0026group_id=68846"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/52553"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/501968"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34096"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/0703"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VJ8H-CVFH-V55G
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
{
"affected": [],
"aliases": [
"CVE-2016-7445"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-03T16:09:00Z",
"severity": "HIGH"
},
"details": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.",
"id": "GHSA-vj8h-cvfh-v55g",
"modified": "2022-05-13T01:16:24Z",
"published": "2022-05-13T01:16:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7445"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/843"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-26"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/09/18/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/09/18/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93040"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJCW-7F57-9VVV
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 18:30In the Linux kernel, the following vulnerability has been resolved:
kasan: remove kasan_find_vm_area() to prevent possible deadlock
find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like:
CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); spin_lock(&some_lock); kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock!
To prevent possible deadlock while kasan reports, remove kasan_find_vm_area().
{
"affected": [],
"aliases": [
"CVE-2025-38510"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T11:15:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: remove kasan_find_vm_area() to prevent possible deadlock\n\nfind_vm_area() couldn\u0027t be called in atomic_context. If find_vm_area() is\ncalled to reports vm area information, kasan can trigger deadlock like:\n\nCPU0 CPU1\nvmalloc();\n alloc_vmap_area();\n spin_lock(\u0026vn-\u003ebusy.lock)\n spin_lock_bh(\u0026some_lock);\n \u003cinterrupt occurs\u003e\n \u003cin softirq\u003e\n spin_lock(\u0026some_lock);\n \u003caccess invalid address\u003e\n kasan_report();\n print_report();\n print_address_description();\n kasan_find_vm_area();\n find_vm_area();\n spin_lock(\u0026vn-\u003ebusy.lock) // deadlock!\n\nTo prevent possible deadlock while kasan reports, remove kasan_find_vm_area().",
"id": "GHSA-vjcw-7f57-9vvv",
"modified": "2026-01-07T18:30:19Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38510"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c3566d831def922cd56322c772a7b20d8b0e0c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d89dab1ea6086e6cbe6fe92531b496fb6808cb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/595f78d99b9051600233c0a5c4c47e1097e6ed01"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ee9b3d84775944fb8c8a447961cd01274ac671c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8377d7744bdce5c4b3f1b58924eebd3fdc078dfc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJFF-GPGV-HF96
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
{
"affected": [],
"aliases": [
"CVE-2019-19926"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-23T01:15:00Z",
"severity": "MODERATE"
},
"details": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
"id": "GHSA-vjff-gpgv-hf96",
"modified": "2022-05-24T17:04:54Z",
"published": "2022-05-24T17:04:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19926"
},
{
"type": "WEB",
"url": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200114-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4298-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4298-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4638"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJGG-3F8R-G7RM
Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: don't access invalid sched
Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset.
This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called, which would crash the machine because the ring value is bogus.
To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function.
The next commit will remove the ring argument completely.
(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)
{
"affected": [],
"aliases": [
"CVE-2024-46896"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T13:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: don\u0027t access invalid sched\n\nSince 2320c9e6a768 (\"drm/sched: memset() \u0027job\u0027 in drm_sched_job_init()\")\naccessing job-\u003ebase.sched can produce unexpected results as the initialisation\nof (*job)-\u003ebase.sched done in amdgpu_job_alloc is overwritten by the\nmemset.\n\nThis commit fixes an issue when a CS would fail validation and would\nbe rejected after job-\u003enum_ibs is incremented. In this case,\namdgpu_ib_free(ring-\u003eadev, ...) will be called, which would crash the\nmachine because the ring value is bogus.\n\nTo fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this\nbecause the device is actually not used in this function.\n\nThe next commit will remove the ring argument completely.\n\n(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)",
"id": "GHSA-vjgg-3f8r-g7rm",
"modified": "2025-11-03T21:32:07Z",
"published": "2025-01-11T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46896"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJH2-VP2W-JHXR
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2021-30485"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.",
"id": "GHSA-vjh2-vp2w-jhxr",
"modified": "2022-05-24T17:47:05Z",
"published": "2022-05-24T17:47:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30485"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/ezxml/bugs/25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJHF-6XFR-5P9G
Vulnerability from github – Published: 2024-04-03 15:30 – Updated: 2024-04-03 18:46A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-31420"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-03T18:04:42Z",
"nvd_published_at": "2024-04-03T14:15:18Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.",
"id": "GHSA-vjhf-6xfr-5p9g",
"modified": "2024-04-03T18:46:15Z",
"published": "2024-04-03T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-31420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272951"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubevirt/kubevirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "KubeVirt NULL pointer dereference flaw"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.