CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CVE-2020-35505 (GCVE-0-2020-35505)
Vulnerability from cvelistv5 – Published: 2021-05-28 10:20 – Updated: 2024-08-04 17:02
VLAI
Summary
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2021/04/16/3 | mailing-listx_refsource_MLIST |
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1909769 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021071… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the \u0027Information Transfer\u0027 command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the \u0027Information Transfer\u0027 command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/16/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210713-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35505",
"datePublished": "2021-05-28T10:20:48.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:08.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35507 (GCVE-0-2020-35507)
Vulnerability from cvelistv5 – Published: 2021-01-04 14:24 – Updated: 2024-08-04 17:02
VLAI
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021021… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35507",
"datePublished": "2021-01-04T14:24:56.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:08.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3552 (GCVE-0-2020-3552)
Vulnerability from cvelistv5 – Published: 2020-09-24 17:51 – Updated: 2024-11-13 18:01
VLAI
Title
Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability
Summary
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.
Severity
7.4 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Aironet Access Point Software |
Affected:
n/a
|
Date Public
2020-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:23:40.472481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:01:45.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T17:51:08.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"source": {
"advisory": "cisco-sa-ap-ethport-dos-xtjTt8pY",
"defect": [
[
"CSCvq94716"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3552",
"STATE": "PUBLIC",
"TITLE": "Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet Access Point Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
]
},
"source": {
"advisory": "cisco-sa-ap-ethport-dos-xtjTt8pY",
"defect": [
[
"CSCvq94716"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3552",
"datePublished": "2020-09-24T17:51:08.669Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-11-13T18:01:45.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35525 (GCVE-0-2020-35525)
Vulnerability from cvelistv5 – Published: 2022-09-01 00:00 – Updated: 2024-08-04 17:02
VLAI
Summary
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
Severity
No CVSS data available.
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230706-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sqlite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "sqlite 3.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35525",
"datePublished": "2022-09-01T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:08.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35538 (GCVE-0-2020-35538)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2024-08-04 17:02
VLAI
Summary
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/libjpeg-turbo/libjpeg-turbo/is… | x_refsource_MISC |
| https://github.com/libjpeg-turbo/libjpeg-turbo/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | libjpeg-turbo |
Affected:
libjpeg-turbo 2.0.5 onwards
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libjpeg-turbo",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libjpeg-turbo 2.0.5 onwards"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T15:33:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libjpeg-turbo",
"version": {
"version_data": [
{
"version_value": "libjpeg-turbo 2.0.5 onwards"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441"
},
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35538",
"datePublished": "2022-08-31T15:33:04.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5736 (GCVE-0-2020-5736)
Vulnerability from cvelistv5 – Published: 2020-04-08 12:42 – Updated: 2024-08-04 08:39
VLAI
Summary
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-20 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amcrest",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 2.623.00AC004.0.R.200316"
},
{
"status": "affected",
"version": "2.420.AC00.18.R.20200217"
},
{
"status": "affected",
"version": "2.800.00AC000.0.R.200330"
},
{
"status": "affected",
"version": "2.800.0000000.6.R.200314.bin"
},
{
"status": "affected",
"version": "2.622.00AC000.0.R.200320.bin"
},
{
"status": "affected",
"version": "and\u00a04.000.00AC000.0.R.200218"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T12:42:22.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amcrest",
"version": {
"version_data": [
{
"version_value": "before 2.623.00AC004.0.R.200316"
},
{
"version_value": "2.420.AC00.18.R.20200217"
},
{
"version_value": "2.800.00AC000.0.R.200330"
},
{
"version_value": "2.800.0000000.6.R.200314.bin"
},
{
"version_value": "2.622.00AC000.0.R.200320.bin"
},
{
"version_value": "and\u00a04.000.00AC000.0.R.200218"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-20",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5736",
"datePublished": "2020-04-08T12:42:22.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5762 (GCVE-0-2020-5762)
Vulnerability from cvelistv5 – Published: 2020-07-29 18:51 – Updated: 2024-08-04 08:39
VLAI
Summary
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-43 | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2020-47 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Grandstream HT800 Series |
Affected:
Versions 1.0.17.5 and below
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Grandstream HT800 Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 1.0.17.5 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T19:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Grandstream HT800 Series",
"version": {
"version_data": [
{
"version_value": "Versions 1.0.17.5 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-43",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-43"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-47",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5762",
"datePublished": "2020-07-29T18:51:47.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7062 (GCVE-0-2020-7062)
Vulnerability from cvelistv5 – Published: 2020-02-27 20:25 – Updated: 2024-09-16 22:24
VLAI
Title
Null Pointer Dereference in PHP Session Upload Progress
Summary
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=79221 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/202003-57 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/4330-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2020/dsa-4717 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2020/dsa-4719 | vendor-advisoryx_refsource_DEBIAN |
| https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
Impacted products
Date Public
2020-02-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=79221"
},
{
"name": "openSUSE-SU-2020:0341",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"name": "GLSA-202003-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-57"
},
{
"name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
},
{
"name": "USN-4330-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4330-1/"
},
{
"name": "DSA-4717",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.3.15",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.3",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
},
{
"lessThan": "7.2.28",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "file_uploads=1\nsession.upload_progress.enabled=1\nsession.upload_progress.cleanup=0"
}
],
"credits": [
{
"lang": "en",
"value": "Reported by ryat@php.net"
}
],
"datePublic": "2020-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:46.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=79221"
},
{
"name": "openSUSE-SU-2020:0341",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"name": "GLSA-202003-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-57"
},
{
"name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
},
{
"name": "USN-4330-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4330-1/"
},
{
"name": "DSA-4717",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=79221"
],
"discovery": "EXTERNAL"
},
"title": "Null Pointer Dereference in PHP Session Upload Progress",
"workarounds": [
{
"lang": "en",
"value": "Disable file uploading, file upload tracking or enable session.upload_progress.cleanup."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2020-02-17T16:21:00.000Z",
"ID": "CVE-2020-7062",
"STATE": "PUBLIC",
"TITLE": "Null Pointer Dereference in PHP Session Upload Progress"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.15"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.3"
},
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.28"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "file_uploads=1\nsession.upload_progress.enabled=1\nsession.upload_progress.cleanup=0"
}
],
"credit": [
{
"lang": "eng",
"value": "Reported by ryat@php.net"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=79221",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=79221"
},
{
"name": "openSUSE-SU-2020:0341",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"name": "GLSA-202003-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-57"
},
{
"name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
},
{
"name": "USN-4330-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4330-1/"
},
{
"name": "DSA-4717",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=79221"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable file uploading, file upload tracking or enable session.upload_progress.cleanup."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2020-7062",
"datePublished": "2020-02-27T20:25:15.153Z",
"dateReserved": "2020-01-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:49.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8569 (GCVE-0-2020-8569)
Vulnerability from cvelistv5 – Published: 2021-01-21 17:09 – Updated: 2024-09-17 01:47
VLAI
Title
Kubernetes CSI snapshot-controller DoS
Summary
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.
Severity
4.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/g/kubernetes-security-a… | x_refsource_MISC |
| https://github.com/kubernetes-csi/external-snapsh… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | CSI Snapshotter |
Affected:
snapshot-controller v3.0 , ≤ v3.0.1
(custom)
Affected: snapshot-controller v2.1 , ≤ v2.1.2 (custom) |
Date Public
2020-11-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CSI Snapshotter",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v3.0.1",
"status": "affected",
"version": "snapshot-controller v3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v2.1.2",
"status": "affected",
"version": "snapshot-controller v2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Qin Ping"
}
],
"datePublic": "2020-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can\u2019t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T17:09:21.000Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
}
],
"source": {
"defect": [
"https://github.com/kubernetes-csi/external-snapshotter/issues/380"
],
"discovery": "INTERNAL"
},
"title": "Kubernetes CSI snapshot-controller DoS",
"workarounds": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by restricting creation of VolumeSnapshot custom resources in API group snapshot.storage.k8s.io only to trusted users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-11-17T21:00:00.000Z",
"ID": "CVE-2020-8569",
"STATE": "PUBLIC",
"TITLE": "Kubernetes CSI snapshot-controller DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CSI Snapshotter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "snapshot-controller v3.0",
"version_value": "v3.0.1"
},
{
"version_affected": "\u003c=",
"version_name": "snapshot-controller v2.1",
"version_value": "v2.1.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Qin Ping"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can\u2019t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
},
{
"name": "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
"refsource": "MISC",
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes-csi/external-snapshotter/issues/380"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by restricting creation of VolumeSnapshot custom resources in API group snapshot.storage.k8s.io only to trusted users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8569",
"datePublished": "2021-01-21T17:09:21.567Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:47:07.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8859 (GCVE-0-2020-8859)
Vulnerability from cvelistv5 – Published: 2020-03-23 20:25 – Updated: 2024-08-04 10:12
VLAI
Summary
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115.
Severity
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://elog.psi.ch/elogs/Forum/69114 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ELOG | Electronic Logbook |
Affected:
3.1.4-283534d
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://elog.psi.ch/elogs/Forum/69114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Electronic Logbook",
"vendor": "ELOG",
"versions": [
{
"status": "affected",
"version": "3.1.4-283534d"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Asif Akbar of Trend Micro Security Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T20:25:22.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://elog.psi.ch/elogs/Forum/69114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-8859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Electronic Logbook",
"version": {
"version_data": [
{
"version_value": "3.1.4-283534d"
}
]
}
}
]
},
"vendor_name": "ELOG"
}
]
}
},
"credit": "Asif Akbar of Trend Micro Security Research",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-252/"
},
{
"name": "https://elog.psi.ch/elogs/Forum/69114",
"refsource": "MISC",
"url": "https://elog.psi.ch/elogs/Forum/69114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-8859",
"datePublished": "2020-03-23T20:25:22.000Z",
"dateReserved": "2020-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-56
Phase: Implementation
Description:
- For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Phase: Requirements
Description:
- Select a programming language that is not susceptible to these issues.
Mitigation
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Phase: Architecture and Design
Description:
- Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Phase: Implementation
Description:
- Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.