CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CVE-2022-0890 (GCVE-0-2022-0890)
Vulnerability from cvelistv5 – Published: 2022-03-10 01:10 – Updated: 2024-08-02 23:47
VLAI
Title
NULL Pointer Dereference in mruby/mruby
Summary
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981… | x_refsource_CONFIRM |
| https://github.com/mruby/mruby/commit/da48e7dbb20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T01:10:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
],
"source": {
"advisory": "68e09ec1-6cc7-48b8-981d-30f478c70276",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0890",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"name": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
]
},
"source": {
"advisory": "68e09ec1-6cc7-48b8-981d-30f478c70276",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0890",
"datePublished": "2022-03-10T01:10:09.000Z",
"dateReserved": "2022-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1035 (GCVE-0-2022-1035)
Vulnerability from cvelistv5 – Published: 2022-03-21 00:00 – Updated: 2024-08-02 23:47
VLAI
Title
Segmentation Fault caused by MP4Box -lsr in gpac/gpac
Summary
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Severity
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
3 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243"
},
{
"name": "DSA-5411",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gpac/gpac",
"vendor": "gpac",
"versions": [
{
"lessThan": "2.1.0-DEV",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b"
},
{
"url": "https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243"
},
{
"name": "DSA-5411",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"source": {
"advisory": "851942a4-1d64-4553-8fdc-9fccd167864b",
"discovery": "EXTERNAL"
},
"title": "Segmentation Fault caused by MP4Box -lsr in gpac/gpac"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1035",
"datePublished": "2022-03-21T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1172 (GCVE-0-2022-1172)
Vulnerability from cvelistv5 – Published: 2022-03-30 09:30 – Updated: 2024-08-02 23:55
VLAI
Title
Null Pointer Dereference Caused Segmentation Fault in gpac/gpac
Summary
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Severity
5.6 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c… | x_refsource_CONFIRM |
| https://github.com/gpac/gpac/commit/55a183e6b8602… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gpac/gpac",
"vendor": "gpac",
"versions": [
{
"lessThan": "2.1.0-DEV",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T09:30:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8"
}
],
"source": {
"advisory": "a26cb79c-9257-4fbf-98c5-a5a331efa264",
"discovery": "EXTERNAL"
},
"title": "Null Pointer Dereference Caused Segmentation Fault in gpac/gpac",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1172",
"STATE": "PUBLIC",
"TITLE": "Null Pointer Dereference Caused Segmentation Fault in gpac/gpac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpac/gpac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.0-DEV"
}
]
}
}
]
},
"vendor_name": "gpac"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264"
},
{
"name": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8",
"refsource": "MISC",
"url": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8"
}
]
},
"source": {
"advisory": "a26cb79c-9257-4fbf-98c5-a5a331efa264",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1172",
"datePublished": "2022-03-30T09:30:16.000Z",
"dateReserved": "2022-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1201 (GCVE-0-2022-1201)
Vulnerability from cvelistv5 – Published: 2022-04-02 07:45 – Updated: 2024-08-02 23:55
VLAI
Title
NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby
Summary
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.
Severity
7.1 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/6f930add-c9d8-4870-ae5… | x_refsource_CONFIRM |
| https://github.com/mruby/mruby/commit/00acae117da… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-02T07:45:34.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
],
"source": {
"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1201",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"name": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
]
},
"source": {
"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1201",
"datePublished": "2022-04-02T07:45:34.000Z",
"dateReserved": "2022-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1249 (GCVE-0-2022-1249)
Vulnerability from cvelistv5 – Published: 2022-04-29 15:43 – Updated: 2024-08-02 23:55
VLAI
Summary
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2065771 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pesign",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pesign 115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in pesign\u0027s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T15:43:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-1249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pesign",
"version": {
"version_data": [
{
"version_value": "pesign 115"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in pesign\u0027s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1249",
"datePublished": "2022-04-29T15:43:10.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1263 (GCVE-0-2022-1263)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2024-08-02 23:55
VLAI
Summary
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Severity
No CVSS data available.
CWE
- CWE-476 - - NULL Pointer Dereference.
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2072698 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2022/… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/5593473a… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-1263 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Kernel:KVM |
Affected:
Fixed in kernel v5.18-rc3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-1263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel:KVM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in kernel v5.18-rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T15:33:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-1263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-1263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel:KVM",
"version": {
"version_data": [
{
"version_value": "Fixed in kernel v5.18-rc3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/04/07/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
},
{
"name": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2022-1263",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2022-1263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1263",
"datePublished": "2022-08-31T15:33:00.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1283 (GCVE-0-2022-1283)
Vulnerability from cvelistv5 – Published: 2022-04-08 17:55 – Updated: 2024-08-02 23:55
VLAI
Title
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2
Summary
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).
Severity
6.6 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d… | x_refsource_CONFIRM |
| https://github.com/radareorg/radare2/commit/18d1d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| radareorg | radareorg/radare2 |
Affected:
unspecified , < 5.6.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "radareorg/radare2",
"vendor": "radareorg",
"versions": [
{
"lessThan": "5.6.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T17:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"
}
],
"source": {
"advisory": "bfeb8fb8-644d-4587-80d4-cb704c404013",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1283",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "radareorg/radare2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.6.8"
}
]
}
}
]
},
"vendor_name": "radareorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013"
},
{
"name": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67",
"refsource": "MISC",
"url": "https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67"
}
]
},
"source": {
"advisory": "bfeb8fb8-644d-4587-80d4-cb704c404013",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1283",
"datePublished": "2022-04-08T17:55:10.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1341 (GCVE-0-2022-1341)
Vulnerability from cvelistv5 – Published: 2022-04-18 16:20 – Updated: 2024-08-03 00:03
VLAI
Summary
An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vgropp/bwm-ng/issues/26 | x_refsource_MISC |
| https://github.com/vgropp/bwm-ng/commit/9774f23bf… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vgropp/bwm-ng/issues/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bwm-ng",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "bwm-ng v0.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:34.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vgropp/bwm-ng/issues/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1341",
"datePublished": "2022-04-18T16:20:34.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1382 (GCVE-0-2022-1382)
Vulnerability from cvelistv5 – Published: 2022-04-16 22:45 – Updated: 2024-08-03 00:03
VLAI
Title
NULL Pointer Dereference in radareorg/radare2
Summary
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
Severity
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26… | x_refsource_CONFIRM |
| https://github.com/radareorg/radare2/commit/48f0e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| radareorg | radareorg/radare2 |
Affected:
unspecified , < 5.6.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "radareorg/radare2",
"vendor": "radareorg",
"versions": [
{
"lessThan": "5.6.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-16T22:45:17.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44"
}
],
"source": {
"advisory": "d8b6d239-6d7b-4783-b26b-5be848c01aa1",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in radareorg/radare2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1382",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in radareorg/radare2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "radareorg/radare2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.6.8"
}
]
}
}
]
},
"vendor_name": "radareorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1"
},
{
"name": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44",
"refsource": "MISC",
"url": "https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44"
}
]
},
"source": {
"advisory": "d8b6d239-6d7b-4783-b26b-5be848c01aa1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1382",
"datePublished": "2022-04-16T22:45:18.000Z",
"dateReserved": "2022-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1507 (GCVE-0-2022-1507)
Vulnerability from cvelistv5 – Published: 2022-04-27 16:55 – Updated: 2024-08-03 00:03
VLAI
Title
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in hpjansson/chafa
Summary
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac… | x_refsource_CONFIRM |
| https://github.com/hpjansson/chafa/commit/e4b777c… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hpjansson | hpjansson/chafa |
Affected:
unspecified , < 1.10.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9"
},
{
"name": "FEDORA-2022-e72698d659",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L54UEP5S254VP5FZWGFPHLTPMFJVOGYT/"
},
{
"name": "FEDORA-2022-4bdf35a1b5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIOAZPITFL2Y7Y6KHCZ4OIK7P7KWFN22/"
},
{
"name": "FEDORA-2022-0aab67e874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PLHKTQYK6AO3M5NAVM3CDVQTZZS6MCO/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hpjansson/chafa",
"vendor": "hpjansson",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T03:06:17.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9"
},
{
"name": "FEDORA-2022-e72698d659",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L54UEP5S254VP5FZWGFPHLTPMFJVOGYT/"
},
{
"name": "FEDORA-2022-4bdf35a1b5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIOAZPITFL2Y7Y6KHCZ4OIK7P7KWFN22/"
},
{
"name": "FEDORA-2022-0aab67e874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PLHKTQYK6AO3M5NAVM3CDVQTZZS6MCO/"
}
],
"source": {
"advisory": "104d8c5d-cac5-4baa-9ac9-291ea0bcab95",
"discovery": "EXTERNAL"
},
"title": "chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in hpjansson/chafa",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1507",
"STATE": "PUBLIC",
"TITLE": "chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in hpjansson/chafa"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hpjansson/chafa",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.2"
}
]
}
}
]
},
"vendor_name": "hpjansson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95"
},
{
"name": "https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9",
"refsource": "MISC",
"url": "https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9"
},
{
"name": "FEDORA-2022-e72698d659",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L54UEP5S254VP5FZWGFPHLTPMFJVOGYT/"
},
{
"name": "FEDORA-2022-4bdf35a1b5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOAZPITFL2Y7Y6KHCZ4OIK7P7KWFN22/"
},
{
"name": "FEDORA-2022-0aab67e874",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3PLHKTQYK6AO3M5NAVM3CDVQTZZS6MCO/"
}
]
},
"source": {
"advisory": "104d8c5d-cac5-4baa-9ac9-291ea0bcab95",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1507",
"datePublished": "2022-04-27T16:55:10.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-56
Phase: Implementation
Description:
- For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Phase: Requirements
Description:
- Select a programming language that is not susceptible to these issues.
Mitigation
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Phase: Architecture and Design
Description:
- Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Phase: Implementation
Description:
- Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.