CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
CVE-2022-25739 (GCVE-0-2022-25739)
Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
9205 LTE Modem
Affected: 9206 LTE Modem Affected: 9207 LTE Modem Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: MDM8207 Affected: QCA4004 Affected: QTS110 Affected: Snapdragon 1100 Wearable Platform Affected: Snapdragon 1200 Wearable Platform Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Wear 1300 Platform Affected: Snapdragon X5 LTE Modem Affected: SSG2115P Affected: SSG2125P Affected: SXR1230P Affected: SXR2230P Affected: WCD9306 Affected: WCD9330 Affected: WCD9380 Affected: WCD9385 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 |
|
| qualcomm | 9205_lte_modem_firmware |
Affected:
*
cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | 9206_lte_modem_firmware |
Affected:
*
cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | 9207_lte_modem_firmware |
Affected:
*
cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | fastconnect_6900_firmware |
Affected:
*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | fastconnect_7800_firmware |
Affected:
*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm8207_firmware |
Affected:
*
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4004_firmware |
Affected:
*
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qts110_firmware |
Affected:
*
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_1100_wearable_platform_firmware |
Affected:
*
cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_1200_wearable_platform_firmware |
Affected:
*
cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_ar2_gen_1_platform_firmware |
Affected:
*
cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_wear_1300_platform_firmware |
Affected:
*
cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_x5_lte_modem_firmware |
Affected:
*
cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2115p_firmware |
Affected:
*
cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2125p_firmware |
Affected:
*
cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr1230p_firmware |
Affected:
*
cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr2230p_firmware |
Affected:
*
cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9306_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9330_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9380_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9385_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8830_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8832_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8835_firmware |
Affected:
*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9205_lte_modem_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9206_lte_modem_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9207_lte_modem_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6900_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_7800_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm8207_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4004_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts110_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_1100_wearable_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_1200_wearable_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_ar2_gen_1_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_wear_1300_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_x5_lte_modem_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2115p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2125p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr1230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr2230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9306_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9330_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8832_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T17:11:14.969354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:11:32.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Industrial IOT"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "9205 LTE Modem"
},
{
"status": "affected",
"version": "9206 LTE Modem"
},
{
"status": "affected",
"version": "9207 LTE Modem"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QTS110"
},
{
"status": "affected",
"version": "Snapdragon 1100 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon 1200 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Wear 1300 Platform"
},
{
"status": "affected",
"version": "Snapdragon X5 LTE Modem"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:28:25.458Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "Null Point Dereference in MODEM"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-25739",
"datePublished": "2023-04-04T04:46:17.961Z",
"dateReserved": "2022-02-22T11:38:09.313Z",
"dateUpdated": "2024-08-03T04:49:43.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25735 (GCVE-0-2022-25735)
Vulnerability from cvelistv5 – Published: 2023-02-09 06:58 – Updated: 2024-08-03 04:49- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8031
Affected: CSRA6620 Affected: CSRA6640 Affected: MDM8207 Affected: MDM9205 Affected: MDM9206 Affected: MDM9207 Affected: MDM9607 Affected: QCA4004 Affected: QCA4020 Affected: QCA4024 Affected: QCS405 Affected: QTS110 Affected: SSG2115P Affected: SSG2125P Affected: SXR1230P Affected: SXR2230P Affected: WCD9306 Affected: WCD9330 Affected: WCD9335 Affected: WCD9380 Affected: WCD9385 Affected: WCN3980 Affected: WCN3998 Affected: WCN3999 Affected: WCN6855 Affected: WCN6856 Affected: WCN7850 Affected: WCN7851 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 |
|
| qualcomm | ar8031_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | csra6620_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | csra6640_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm8207_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9205_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9206_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9207_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9607_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4004_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4020_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4024_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcs405_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qts110_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2115p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2125p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr1230p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr2230p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9306_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9330_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9335_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9380_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9385_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3980_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3998_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3999_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn6855_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn6856_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn7850_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn7851_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8810_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8815_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8830_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8832_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8835_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar8031_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6620_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6640_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm8207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9205_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9206_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9607_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4004_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4020_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4024_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs405_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts110_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2115p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2125p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr1230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr2230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9306_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9330_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9335_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3980_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3998_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3999_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6855_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6856_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7851_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8810_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8815_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8832_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:34:16.962832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:34:24.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Voice \u0026 Music"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "MDM9205"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9207"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QTS110"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of service in modem due to missing null check while processing TCP or UDP packets from server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:31:48.178Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "Null Pointer Dereference in MODEM"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-25735",
"datePublished": "2023-02-09T06:58:22.577Z",
"dateReserved": "2022-02-22T11:38:09.311Z",
"dateUpdated": "2024-08-03T04:49:43.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25733 (GCVE-0-2022-25733)
Vulnerability from cvelistv5 – Published: 2023-02-09 06:58 – Updated: 2024-08-03 04:49- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8031
Affected: CSRA6620 Affected: CSRA6640 Affected: MDM8207 Affected: MDM9205 Affected: MDM9206 Affected: MDM9207 Affected: MDM9607 Affected: QCA4004 Affected: QCA4010 Affected: QCA4020 Affected: QCA4024 Affected: QCS405 Affected: QTS110 Affected: SSG2115P Affected: SSG2125P Affected: SXR1230P Affected: SXR2230P Affected: WCD9306 Affected: WCD9330 Affected: WCD9335 Affected: WCD9380 Affected: WCD9385 Affected: WCN3980 Affected: WCN3998 Affected: WCN3999 Affected: WCN6855 Affected: WCN6856 Affected: WCN7850 Affected: WCN7851 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 |
|
| qualcomm | ar8031_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | csra6620_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | csra6640_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm8207_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9205_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9206_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9207_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | mdm9607_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4004_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4010_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4020_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qca4024_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcs405_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qts110_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2115p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | ssg2125p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr1230p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sxr2230p_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9306_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9330_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9335_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9380_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9385_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3980_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3998_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3999_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn6855_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn6856_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn7850_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn7851_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8810_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8815_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8830_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8832_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8835_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar8031_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6620_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6640_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm8207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9205_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9206_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9607_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4004_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4010_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4020_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4024_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs405_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qts110_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2115p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2125p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr1230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr2230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9306_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9330_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9335_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3980_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3998_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3999_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6855_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6856_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7851_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8810_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8815_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8832_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T21:10:27.364634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T21:10:32.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:42.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Voice \u0026 Music"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "MDM9205"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9207"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QCA4010"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QTS110"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of service in modem due to null pointer dereference while processing DNS packets"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:31:41.344Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "Null Pointer Dereference in MODEM"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-25733",
"datePublished": "2023-02-09T06:58:20.099Z",
"dateReserved": "2022-02-22T11:38:09.310Z",
"dateUpdated": "2024-08-03T04:49:42.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24810 (GCVE-0-2022-24810)
Vulnerability from cvelistv5 – Published: 2024-04-16 19:59 – Updated: 2024-08-03 04:20- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net-snmp",
"vendor": "net-snmp",
"versions": [
{
"lessThan": "5.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T20:37:22.193847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:55.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "net-snmp",
"repo": "https://github.com/net-snmp/net-snmp",
"vendor": "net-snmp",
"versions": [
{
"lessThan": "5.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e"
}
],
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T19:59:41.084Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105241"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24810",
"datePublished": "2024-04-16T19:59:41.084Z",
"dateReserved": "2022-02-10T16:41:34.918Z",
"dateUpdated": "2024-08-03T04:20:50.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24809 (GCVE-0-2022-24809)
Vulnerability from cvelistv5 – Published: 2024-04-16 19:56 – Updated: 2024-08-03 04:20- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T17:11:17.126824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:55.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "net-snmp",
"repo": "https://github.com/net-snmp/net-snmp",
"vendor": "net-snmp",
"versions": [
{
"lessThan": "5.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e"
}
],
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T19:56:07.108Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105242"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24809",
"datePublished": "2024-04-16T19:56:07.108Z",
"dateReserved": "2022-02-10T16:41:34.918Z",
"dateUpdated": "2024-08-03T04:20:50.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24808 (GCVE-0-2022-24808)
Vulnerability from cvelistv5 – Published: 2024-04-16 19:52 – Updated: 2024-08-03 04:20- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:net-snmp:net-snmp:5.9.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net-snmp",
"vendor": "net-snmp",
"versions": [
{
"status": "affected",
"version": "5.9.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:23:10.723285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:57.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "net-snmp",
"repo": "https://github.com/net-snmp/net-snmp",
"vendor": "net-snmp",
"versions": [
{
"lessThan": "5.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e"
}
],
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T19:52:31.783Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24808",
"datePublished": "2024-04-16T19:52:31.783Z",
"dateReserved": "2022-02-10T16:41:34.917Z",
"dateUpdated": "2024-08-03T04:20:50.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24736 (GCVE-0-2022-24736)
Vulnerability from cvelistv5 – Published: 2022-04-27 19:55 – Updated: 2025-04-22 18:02- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/redis/redis/pull/10651 | x_refsource_MISC |
| https://github.com/redis/redis/releases/tag/6.2.7 | x_refsource_MISC |
| https://github.com/redis/redis/releases/tag/7.0.0 | x_refsource_MISC |
| https://github.com/redis/redis/security/advisorie… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022071… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-17 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/pull/10651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:48:18.596255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:02:34.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 6.2.7"
},
{
"status": "affected",
"version": "\u003c 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:32.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/pull/10651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-3qpw-7686-5984",
"discovery": "UNKNOWN"
},
"title": "A Malformed Lua script can crash Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24736",
"STATE": "PUBLIC",
"TITLE": "A Malformed Lua script can crash Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 6.2.7"
},
{
"version_value": "\u003c 7.0.0"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/pull/10651",
"refsource": "MISC",
"url": "https://github.com/redis/redis/pull/10651"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.7",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.0",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220715-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-3qpw-7686-5984",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24736",
"datePublished": "2022-04-27T19:55:10.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:02:34.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23595 (GCVE-0-2022-23595)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2025-04-22 18:26- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/e… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/blob/274… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
>= 2.7.0, < 2.7.1
Affected: >= 2.6.0, < 2.6.3 Affected: < 2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23595",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:51:22.313656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:26:53.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"status": "affected",
"version": "\u003c 2.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr-\u003econfig_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104"
}
],
"source": {
"advisory": "GHSA-fpcp-9h7m-ffpx",
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference in TensorFlow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23595",
"STATE": "PUBLIC",
"TITLE": "Null pointer dereference in TensorFlow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"version_value": "\u003c 2.5.3"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr-\u003econfig_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104"
}
]
},
"source": {
"advisory": "GHSA-fpcp-9h7m-ffpx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23595",
"datePublished": "2022-02-04T22:32:13.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:26:53.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23589 (GCVE-0-2022-23589)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2025-04-22 18:25- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/0… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/commit/0… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/blob/a13… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/blob/a13… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
>= 2.7.0, < 2.7.1
Affected: >= 2.6.0, < 2.6.3 Affected: < 2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23589",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:50:53.419550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:25:46.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"status": "affected",
"version": "\u003c 2.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
}
],
"source": {
"advisory": "GHSA-9px9-73fg-3fqp",
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference in Grappler\u0027s `IsConstant` in Tensorflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23589",
"STATE": "PUBLIC",
"TITLE": "Null pointer dereference in Grappler\u0027s `IsConstant` in Tensorflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"version_value": "\u003c 2.5.3"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
}
]
},
"source": {
"advisory": "GHSA-9px9-73fg-3fqp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23589",
"datePublished": "2022-02-04T22:32:20.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:25:46.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23577 (GCVE-0-2022-23577)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2025-04-22 18:23- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/4… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/blob/a13… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23577",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:50:02.817092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:23:59.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:31.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61"
}
],
"source": {
"advisory": "GHSA-8cxv-76p7-jxwr",
"discovery": "UNKNOWN"
},
"title": "Null-dereference in Tensorflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23577",
"STATE": "PUBLIC",
"TITLE": "Null-dereference in Tensorflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 2.8.0"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61"
}
]
},
"source": {
"advisory": "GHSA-8cxv-76p7-jxwr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23577",
"datePublished": "2022-02-04T22:32:31.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:23:59.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.