CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-X63Q-5MXW-X3P4
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 18:31OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.
{
"affected": [],
"aliases": [
"CVE-2024-24445"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T22:15:11Z",
"severity": "MODERATE"
},
"details": "OpenAirInterface CN5G AMF (oai-cn5g-amf) \u003c= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.",
"id": "GHSA-x63q-5mxw-x3p4",
"modified": "2025-01-23T18:31:18Z",
"published": "2025-01-22T00:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24445"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "http://openairinterface.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X63X-QRG6-GGCJ
Vulnerability from github – Published: 2022-01-19 00:01 – Updated: 2022-01-26 00:03There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash.
{
"affected": [],
"aliases": [
"CVE-2021-38785"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-18T14:15:00Z",
"severity": "HIGH"
},
"details": "There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash.",
"id": "GHSA-x63x-qrg6-ggcj",
"modified": "2022-01-26T00:03:28Z",
"published": "2022-01-19T00:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38785"
},
{
"type": "WEB",
"url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9ACamera%20Driver%20has%20Null%20Pointer%20Dereference%20Vulnerability.md"
},
{
"type": "WEB",
"url": "https://vul.wangan.com/a/CNVD-2021-49170"
},
{
"type": "WEB",
"url": "https://www.allwinnertech.com/index.php?c=product\u0026a=index\u0026id=92"
},
{
"type": "WEB",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-49170"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X64C-PWXP-R95W
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
{
"affected": [],
"aliases": [
"CVE-2018-15504"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-18T03:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.",
"id": "GHSA-x64c-pwxp-r95w",
"modified": "2022-05-14T02:19:49Z",
"published": "2022-05-14T02:19:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15504"
},
{
"type": "WEB",
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"type": "WEB",
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"type": "WEB",
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X664-JH9H-XWCQ
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
{
"affected": [],
"aliases": [
"CVE-2011-1598"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-09T22:55:00Z",
"severity": "MODERATE"
},
"details": "The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.",
"id": "GHSA-x664-jh9h-xwcq",
"modified": "2022-05-13T01:24:48Z",
"published": "2022-05-13T01:24:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1598"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698057"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c6914a6f261aca0c9f715f883a353ae7ff51fe83"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/20/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/20/6"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/20/7"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/7"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/22/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/25/4"
},
{
"type": "WEB",
"url": "http://permalink.gmane.org/gmane.linux.network/192898"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47503"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X66F-V9WW-9C9P
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2024-09-03 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check for NULL pointer
[why & how] Need to make sure plane_state is initialized before accessing its members.
(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)
{
"affected": [],
"aliases": [
"CVE-2024-42308"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check for NULL pointer\n\n[why \u0026 how]\nNeed to make sure plane_state is initialized\nbefore accessing its members.\n\n(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)",
"id": "GHSA-x66f-v9ww-9c9p",
"modified": "2024-09-03T15:30:38Z",
"published": "2024-08-17T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42308"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X674-MFWP-GM8V
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
s390/pci: Fix missing check for zpci_create_device() error return
The zpci_create_device() function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in __clp_add() where it was missed when adding the scan_list in the fixed commit. Simply not adding the device to the scan list results in the previous behavior.
{
"affected": [],
"aliases": [
"CVE-2025-37974"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T17:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.",
"id": "GHSA-x674-mfwp-gm8v",
"modified": "2025-11-14T18:31:19Z",
"published": "2025-05-20T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37974"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2769b718e164df983c20c314b263a71a699be6cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42420c50c68f3e95e90de2479464f420602229fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be54b750c333a9db7c3b3686846bb06b07b011fe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X689-8M9R-8332
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
DSA has 2 kinds of drivers:
- Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz
- Those who don't: all others. The above methods should be optional.
For type 1, dsa_switch_suspend() calls dsa_user_suspend() -> phylink_stop(), and dsa_switch_resume() calls dsa_user_resume() -> phylink_start(). These seem good candidates for setting mac_managed_pm = true because that is essentially its definition [1], but that does not seem to be the biggest problem for now, and is not what this change focuses on.
Talking strictly about the 2nd category of DSA drivers here (which do not have MAC managed PM, meaning that for their attached PHYs, mdio_bus_phy_suspend() and mdio_bus_phy_resume() should run in full), I have noticed that the following warning from mdio_bus_phy_resume() is triggered:
WARN_ON(phydev->state != PHY_HALTED && phydev->state != PHY_READY &&
phydev->state != PHY_UP);
because the PHY state machine is running.
It's running as a result of a previous dsa_user_open() -> ... -> phylink_start() -> phy_start() having been initiated by the user.
The previous mdio_bus_phy_suspend() was supposed to have called phy_stop_machine(), but it didn't. So this is why the PHY is in state PHY_NOLINK by the time mdio_bus_phy_resume() runs.
mdio_bus_phy_suspend() did not call phy_stop_machine() because for phylink, the phydev->adjust_link function pointer is NULL. This seems a technicality introduced by commit fddd91016d16 ("phylib: fix PAL state machine restart on resume"). That commit was written before phylink existed, and was intended to avoid crashing with consumer drivers which don't use the PHY state machine - phylink always does, when using a PHY. But phylink itself has historically not been developed with suspend/resume in mind, and apparently not tested too much in that scenario, allowing this bug to exist unnoticed for so long. Plus, prior to the WARN_ON(), it would have likely been invisible.
This issue is not in fact restricted to type 2 DSA drivers (according to the above ad-hoc classification), but can be extrapolated to any MAC driver with phylink and MDIO-bus-managed PHY PM ops. DSA is just where the issue was reported. Assuming mac_managed_pm is set correctly, a quick search indicates the following other drivers might be affected:
$ grep -Zlr PHYLINK_NETDEV drivers/ | xargs -0 grep -L mac_managed_pm drivers/net/ethernet/atheros/ag71xx.c drivers/net/ethernet/microchip/sparx5/sparx5_main.c drivers/net/ethernet/microchip/lan966x/lan966x_main.c drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c drivers/net/ethernet/freescale/dpaa/dpaa_eth.c drivers/net/ethernet/freescale/ucc_geth.c drivers/net/ethernet/freescale/enetc/enetc_pf_common.c drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c drivers/net/ethernet/marvell/mvneta.c drivers/net/ethernet/marvell/prestera/prestera_main.c drivers/net/ethernet/mediatek/mtk_eth_soc.c drivers/net/ethernet/altera/altera_tse_main.c drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c drivers/net/ethernet/meta/fbnic/fbnic_phylink.c drivers/net/ethernet/tehuti/tn40_phy.c drivers/net/ethernet/mscc/ocelot_net.c
Make the existing conditions dependent on the PHY device having a phydev->phy_link_change() implementation equal to the default phy_link_change() provided by phylib. Otherwise, we implicitly know that the phydev has the phylink-provided phylink_phy_change() callback, and when phylink is used, the PHY state machine always needs to be stopped/ started on the suspend/resume path. The code is structured as such that if phydev->phy_link_change() is absent, it is a matter of time until the kernel will crash - no need to further complicate the test.
Thus, for the situation where the PM is not managed b ---truncated---
{
"affected": [],
"aliases": [
"CVE-2025-37945"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY\n\nDSA has 2 kinds of drivers:\n\n1. Those who call dsa_switch_suspend() and dsa_switch_resume() from\n their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz\n2. Those who don\u0027t: all others. The above methods should be optional.\n\nFor type 1, dsa_switch_suspend() calls dsa_user_suspend() -\u003e phylink_stop(),\nand dsa_switch_resume() calls dsa_user_resume() -\u003e phylink_start().\nThese seem good candidates for setting mac_managed_pm = true because\nthat is essentially its definition [1], but that does not seem to be the\nbiggest problem for now, and is not what this change focuses on.\n\nTalking strictly about the 2nd category of DSA drivers here (which\ndo not have MAC managed PM, meaning that for their attached PHYs,\nmdio_bus_phy_suspend() and mdio_bus_phy_resume() should run in full),\nI have noticed that the following warning from mdio_bus_phy_resume() is\ntriggered:\n\n\tWARN_ON(phydev-\u003estate != PHY_HALTED \u0026\u0026 phydev-\u003estate != PHY_READY \u0026\u0026\n\t\tphydev-\u003estate != PHY_UP);\n\nbecause the PHY state machine is running.\n\nIt\u0027s running as a result of a previous dsa_user_open() -\u003e ... -\u003e\nphylink_start() -\u003e phy_start() having been initiated by the user.\n\nThe previous mdio_bus_phy_suspend() was supposed to have called\nphy_stop_machine(), but it didn\u0027t. So this is why the PHY is in state\nPHY_NOLINK by the time mdio_bus_phy_resume() runs.\n\nmdio_bus_phy_suspend() did not call phy_stop_machine() because for\nphylink, the phydev-\u003eadjust_link function pointer is NULL. This seems a\ntechnicality introduced by commit fddd91016d16 (\"phylib: fix PAL state\nmachine restart on resume\"). That commit was written before phylink\nexisted, and was intended to avoid crashing with consumer drivers which\ndon\u0027t use the PHY state machine - phylink always does, when using a PHY.\nBut phylink itself has historically not been developed with\nsuspend/resume in mind, and apparently not tested too much in that\nscenario, allowing this bug to exist unnoticed for so long. Plus, prior\nto the WARN_ON(), it would have likely been invisible.\n\nThis issue is not in fact restricted to type 2 DSA drivers (according to\nthe above ad-hoc classification), but can be extrapolated to any MAC\ndriver with phylink and MDIO-bus-managed PHY PM ops. DSA is just where\nthe issue was reported. Assuming mac_managed_pm is set correctly, a\nquick search indicates the following other drivers might be affected:\n\n$ grep -Zlr PHYLINK_NETDEV drivers/ | xargs -0 grep -L mac_managed_pm\ndrivers/net/ethernet/atheros/ag71xx.c\ndrivers/net/ethernet/microchip/sparx5/sparx5_main.c\ndrivers/net/ethernet/microchip/lan966x/lan966x_main.c\ndrivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c\ndrivers/net/ethernet/freescale/fs_enet/fs_enet-main.c\ndrivers/net/ethernet/freescale/dpaa/dpaa_eth.c\ndrivers/net/ethernet/freescale/ucc_geth.c\ndrivers/net/ethernet/freescale/enetc/enetc_pf_common.c\ndrivers/net/ethernet/marvell/mvpp2/mvpp2_main.c\ndrivers/net/ethernet/marvell/mvneta.c\ndrivers/net/ethernet/marvell/prestera/prestera_main.c\ndrivers/net/ethernet/mediatek/mtk_eth_soc.c\ndrivers/net/ethernet/altera/altera_tse_main.c\ndrivers/net/ethernet/wangxun/txgbe/txgbe_phy.c\ndrivers/net/ethernet/meta/fbnic/fbnic_phylink.c\ndrivers/net/ethernet/tehuti/tn40_phy.c\ndrivers/net/ethernet/mscc/ocelot_net.c\n\nMake the existing conditions dependent on the PHY device having a\nphydev-\u003ephy_link_change() implementation equal to the default\nphy_link_change() provided by phylib. Otherwise, we implicitly know that\nthe phydev has the phylink-provided phylink_phy_change() callback, and\nwhen phylink is used, the PHY state machine always needs to be stopped/\nstarted on the suspend/resume path. The code is structured as such that\nif phydev-\u003ephy_link_change() is absent, it is a matter of time until the\nkernel will crash - no need to further complicate the test.\n\nThus, for the situation where the PM is not managed b\n---truncated---",
"id": "GHSA-x689-8m9r-8332",
"modified": "2026-07-14T15:31:22Z",
"published": "2025-05-20T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37945"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/043aa41c43f8cb9cce75367ea07895ce68b5abb0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17eef1e44883845b9567afc893dc41e004c08d65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54e5d00a8de6c13f6c01a94ed48025e882cd15f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6ed6f8ec81b8ca7100dcd9e62bdbc0dff1b2259"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd4037d51d3f6667636a1383e78e48a5b7b60755"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc75ea20ffb452652f0d4033f38fe88d7cfdae35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X697-2XRM-FH6R
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2025-08-08 12:32VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2020-3999"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-21T16:15:00Z",
"severity": "MODERATE"
},
"details": "VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine\u0027s vmx process leading to a denial of service condition.",
"id": "GHSA-x697-2xrm-fh6r",
"modified": "2025-08-08T12:32:16Z",
"published": "2022-05-24T17:37:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3999"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6FP-542M-2MR8
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2025-11-04 18:31Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the Protected_Logical_Read_Reply function
{
"affected": [],
"aliases": [
"CVE-2024-39589"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T15:15:15Z",
"severity": "HIGH"
},
"details": "Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function",
"id": "GHSA-x6fp-542m-2mr8",
"modified": "2025-11-04T18:31:25Z",
"published": "2024-09-18T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39589"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2016"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6HW-42RG-XJ9M
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33460"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-x6hw-42rg-xj9m",
"modified": "2022-07-29T00:00:34Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33460"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/168"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.