Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-VVQ6-GVX5-C36Q

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-4119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-03T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.",
  "id": "GHSA-vvq6-gvx5-c36q",
  "modified": "2022-05-13T01:27:59Z",
  "published": "2022-05-13T01:27:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/07/11/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/07/12/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/61072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VVWR-MG55-MHMM

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: bla: only purge non-released claims

When batadv_bla_purge_claims() goes through the list of claims, it is only traversing the hash list with an rcu_read_lock(). Due to a potential parallel batadv_claim_put(), it can happen that it encounters a claim which was actually in the process of being released+freed by batadv_claim_release(). In this case, backbone_gw is set to NULL before the delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is then no longer allowed because it would cause a NULL-ptr derefence.

To avoid this, only claims with a valid reference counter must be purged. All others are already taken care of.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bla: only purge non-released claims\n\nWhen batadv_bla_purge_claims() goes through the list of claims, it is only\ntraversing the hash list with an rcu_read_lock(). Due to a potential\nparallel batadv_claim_put(), it can happen that it encounters a claim which\nwas actually in the process of being released+freed by\nbatadv_claim_release(). In this case, backbone_gw is set to NULL before the\ndelayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is\nthen no longer allowed because it would cause a NULL-ptr derefence.\n\nTo avoid this, only claims with a valid reference counter must be purged.\nAll others are already taken care of.",
  "id": "GHSA-vvwr-mg55-mhmm",
  "modified": "2026-06-10T21:31:26Z",
  "published": "2026-05-28T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6725c523a35eeca611ff37e7d4a8712fae92aefd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9f58d5e3261f3deeae69ec1e237f38ef3ff5cbe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afb5436f6028fd68f408f189230fbaa19c910d72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW3V-9427-R3GF

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check null pointers before used

[WHAT & HOW] Poniters, such as dc->clk_mgr, are null checked previously in the same function, so Coverity warns "implies that "dc->clk_mgr" might be null". As a result, these pointers need to be checked when used again.

This fixes 10 FORWARD_NULL issues reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT \u0026 HOW]\nPoniters, such as dc-\u003eclk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc-\u003eclk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
  "id": "GHSA-vw3v-9427-r3gf",
  "modified": "2024-10-25T15:31:25Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49921"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b35bf1a82eb29841b67ff5643ba83762250fc24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be1fb44389ca3038ad2430dac4234669bc177ee3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW7C-7P33-HJMQ

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-23330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-17T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).",
  "id": "GHSA-vw7c-7p33-hjmq",
  "modified": "2022-05-24T19:11:39Z",
  "published": "2022-05-24T19:11:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23330"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VW7C-8M5R-GGFJ

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.",
  "id": "GHSA-vw7c-8m5r-ggfj",
  "modified": "2022-04-23T00:03:15Z",
  "published": "2022-04-16T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44494"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/fis-gtm/files"
    },
    {
      "type": "WEB",
      "url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWF3-3R65-6V22

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-02 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: check send stream number after wait_for_sndbuf

This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf.

When the main thread in the client starts a connection, if its out stream count is set to N while the in stream count in the server is set to N - 2, another thread in the client keeps sending the msgs with stream number N - 1, and waits for sndbuf before processing INIT_ACK.

However, after processing INIT_ACK, the out stream count in the client is shrunk to N - 2, the same to the in stream count in the server. The crash occurs when the thread waiting for sndbuf is awake and sends the msg in a non-existing stream(N - 1), the call trace is as below:

KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] Call Trace: sctp_cmd_send_msg net/sctp/sm_sideeffect.c:1114 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1777 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] sctp_do_sm+0x197d/0x5310 net/sctp/sm_sideeffect.c:1170 sctp_primitive_SEND+0x9f/0xc0 net/sctp/primitive.c:163 sctp_sendmsg_to_asoc+0x10eb/0x1a30 net/sctp/socket.c:1868 sctp_sendmsg+0x8d4/0x1d90 net/sctp/socket.c:2026 inet_sendmsg+0x9d/0xe0 net/ipv4/af_inet.c:825 sock_sendmsg_nosec net/socket.c:722 [inline] sock_sendmsg+0xde/0x190 net/socket.c:745

The fix is to add an unlikely check for the send stream number after the thread wakes up from the wait_for_sndbuf.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: check send stream number after wait_for_sndbuf\n\nThis patch fixes a corner case where the asoc out stream count may change\nafter wait_for_sndbuf.\n\nWhen the main thread in the client starts a connection, if its out stream\ncount is set to N while the in stream count in the server is set to N - 2,\nanother thread in the client keeps sending the msgs with stream number\nN - 1, and waits for sndbuf before processing INIT_ACK.\n\nHowever, after processing INIT_ACK, the out stream count in the client is\nshrunk to N - 2, the same to the in stream count in the server. The crash\noccurs when the thread waiting for sndbuf is awake and sends the msg in a\nnon-existing stream(N - 1), the call trace is as below:\n\n  KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n  Call Trace:\n   \u003cTASK\u003e\n   sctp_cmd_send_msg net/sctp/sm_sideeffect.c:1114 [inline]\n   sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1777 [inline]\n   sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]\n   sctp_do_sm+0x197d/0x5310 net/sctp/sm_sideeffect.c:1170\n   sctp_primitive_SEND+0x9f/0xc0 net/sctp/primitive.c:163\n   sctp_sendmsg_to_asoc+0x10eb/0x1a30 net/sctp/socket.c:1868\n   sctp_sendmsg+0x8d4/0x1d90 net/sctp/socket.c:2026\n   inet_sendmsg+0x9d/0xe0 net/ipv4/af_inet.c:825\n   sock_sendmsg_nosec net/socket.c:722 [inline]\n   sock_sendmsg+0xde/0x190 net/socket.c:745\n\nThe fix is to add an unlikely check for the send stream number after the\nthread wakes up from the wait_for_sndbuf.",
  "id": "GHSA-vwf3-3r65-6v22",
  "modified": "2025-12-02T21:31:26Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53296"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0443fff49d6352160c200064156c25898bd9f58c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2584024b23552c00d95b50255e47bd18d306d31a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/667eb99cf7c15fe5b0ecefe75cf658e20ef20c9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9346a1a21142357972a6f466ba6275ddc54b04ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a615e7270318fa0b98bf1ff38daf6cf52d840312"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4b6dfad41aaae9e36e44327b18d5cf4b20dd2ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2128636b303aa9cf065055402ee6697409a8837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWFJ-PRPH-9M9P

Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 18:30
VLAI
Details

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.",
  "id": "GHSA-vwfj-prph-9m9p",
  "modified": "2023-03-10T18:30:20Z",
  "published": "2023-03-01T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24756"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libde265/issues/380"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWFW-86R9-43WP

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-07-14 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix NULL deref in map_kptr_match_type for scalar regs

Commit ab6c637ad027 ("bpf: Fix a bpf_kptr_xchg() issue with local kptr") refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar register stored into a kptr slot has no btf, so the btf_is_kernel(reg->btf) call dereferences NULL.

Move the base_type() != PTR_TO_BTF_ID guard before any reg->btf access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix NULL deref in map_kptr_match_type for scalar regs\n\nCommit ab6c637ad027 (\"bpf: Fix a bpf_kptr_xchg() issue with local\nkptr\") refactored map_kptr_match_type() to branch on btf_is_kernel()\nbefore checking base_type(). A scalar register stored into a kptr\nslot has no btf, so the btf_is_kernel(reg-\u003ebtf) call dereferences\nNULL.\n\nMove the base_type() != PTR_TO_BTF_ID guard before any reg-\u003ebtf\naccess.",
  "id": "GHSA-vwfw-86r9-43wp",
  "modified": "2026-07-14T21:31:29Z",
  "published": "2026-06-24T18:32:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53032"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a36c1f72888bca0237295a4da19cd91821a90be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d0a375887ab4d49e4da1ff10f9606cab8f7c3ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/520454e839710c327808c2fcc98e28cee77355fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6982653ce5f119982aa58f1af58e7bfbebf39252"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da1d615ce49a47986a8864e2371a26e97861085c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWG2-4H4C-CH44

Vulnerability from github – Published: 2025-03-14 21:31 – Updated: 2025-03-14 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: Fix clk_hw_get_clk() when dev is NULL

Any registered clk_core structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clk_register and clk_hw_register with a NULL device pointer, and the fact that the core of_clk_hw_register() function also passes a NULL device pointer.

A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that case will result in a NULL pointer derefence when it calls dev_name() on that NULL device pointer.

Add a test for this case and use NULL as the dev_id if the device pointer is NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_hw_get_clk() when dev is NULL\n\nAny registered clk_core structure can have a NULL pointer in its dev\nfield. While never actually documented, this is evidenced by the wide\nusage of clk_register and clk_hw_register with a NULL device pointer,\nand the fact that the core of_clk_hw_register() function also passes a\nNULL device pointer.\n\nA call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that\ncase will result in a NULL pointer derefence when it calls dev_name() on\nthat NULL device pointer.\n\nAdd a test for this case and use NULL as the dev_id if the device\npointer is NULL.",
  "id": "GHSA-vwg2-4h4c-ch44",
  "modified": "2025-03-14T21:31:40Z",
  "published": "2025-03-14T21:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49187"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c1b56df451716ba207bbf59f303473643eee4fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23f89fe005b105f0dcc55034c13eb89f9b570fac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4be3e4c05d8dd1b83b75652cad88c9e752ec7054"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d183f20cf5a7b546d4108e796b98210ceb317579"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWGC-F9CF-RP7W

Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2024-01-09 03:30
VLAI
Details

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-0458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-09-28T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.",
  "id": "GHSA-vwgc-f9cf-rp7w",
  "modified": "2024-01-09T03:30:19Z",
  "published": "2022-04-29T02:57:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0458"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16143"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-503"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/10343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.