CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CVE-2022-3116 (GCVE-0-2022-3116)
Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-24 19:11
VLAI
Summary
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
Severity
7.5 (High)
CWE
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Heimdal Software Kerberos |
Affected:
Heimdal Software Kerberos 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/730793"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T19:11:22.523448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T19:11:43.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Heimdal Software Kerberos",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Heimdal Software Kerberos 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/730793"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3116",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-02-24T19:11:43.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3153 (GCVE-0-2022-3153)
Vulnerability from cvelistv5 – Published: 2022-09-08 00:00 – Updated: 2024-08-03 01:00
VLAI
Title
NULL Pointer Dereference in vim/vim
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
Severity
6.1 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
3 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a"
},
{
"url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "68331124-620d-48bc-a8fa-cd947b26270a",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3153",
"datePublished": "2022-09-08T00:00:00.000Z",
"dateReserved": "2022-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31613 (GCVE-0-2022-31613)
Vulnerability from cvelistv5 – Published: 2022-11-18 00:00 – Updated: 2025-04-29 14:29
VLAI
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.
Severity
7.1 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Affected:
All versions prior to the August 2022 release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T14:29:16.633314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T14:29:39.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA Cloud Gaming (guest driver)",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to the August 2022 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00.000Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31613",
"datePublished": "2022-11-18T00:00:00.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2025-04-29T14:29:39.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31615 (GCVE-0-2022-31615)
Vulnerability from cvelistv5 – Published: 2022-11-18 00:00 – Updated: 2025-04-29 14:28
VLAI
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_… | |
| https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | GeForce, Workstation, Compute |
Affected:
All versions prior to the August 2022 release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
},
{
"name": "GLSA-202310-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T14:27:57.595382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T14:28:18.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GeForce, Workstation, Compute",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to the August 2022 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T14:06:49.627Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
},
{
"name": "GLSA-202310-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31615",
"datePublished": "2022-11-18T00:00:00.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2025-04-29T14:28:18.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31618 (GCVE-0-2022-31618)
Vulnerability from cvelistv5 – Published: 2022-08-05 20:30 – Updated: 2024-08-03 07:25
VLAI
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.
Severity
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming |
Affected:
vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9).
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:25:59.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T20:30:47.000Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming",
"version": {
"version_data": [
{
"version_value": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2022-31618",
"datePublished": "2022-08-05T20:30:47.000Z",
"dateReserved": "2022-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:25:59.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3202 (GCVE-0-2022-3202)
Vulnerability from cvelistv5 – Published: 2022-09-14 00:00 – Updated: 2024-08-03 01:00
VLAI
Summary
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux Kernel version prior to kernel 5.18 rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221228-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3202",
"datePublished": "2022-09-14T00:00:00.000Z",
"dateReserved": "2022-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32230 (GCVE-0-2022-32230)
Vulnerability from cvelistv5 – Published: 2022-06-14 21:40 – Updated: 2024-09-16 23:36
VLAI
Title
SMBv3 FileNormalizedNameInformation NULL Pointer Dereference
Summary
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2022/06/14/cve-2… | x_refsource_MISC |
| https://msrc.microsoft.com/update-guide/vulnerabi… | x_refsource_CONFIRM |
| https://github.com/zeroSteiner/metasploit-framewo… | x_refsource_MISC |
| https://support.microsoft.com/en-us/topic/may-10-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 20H2 |
Affected:
19042.1706 , < 19042.1706
(custom)
Affected: 19043.1706 , < 19043.1706 (custom) Affected: 19044.1706 , < 19043.1706 (custom) |
|
| Microsoft | Windows Server Version 20H2 |
Affected:
19042.1706 , < 19042.1706
(custom)
Affected: 19043.1706 , < 19043.1706 (custom) Affected: 19044.1706 , < 19044.1706 (custom) |
|
| Microsoft | Windows 10 Version 21H1 |
Affected:
19042.1706 , < 19042.1706
(custom)
Affected: 19043.1706 , < 19043.1706 (custom) Affected: 19044.1706 , < 19044.1706 (custom) |
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
19042.1706 , < 19042.1706
(custom)
Affected: 19043.1706 , < 19043.1706 (custom) Affected: 19044.1706 , < 19044.1706 (custom) |
Date Public
2022-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 10 Version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19042.1706",
"status": "affected",
"version": "19042.1706",
"versionType": "custom"
},
{
"lessThan": "19043.1706",
"status": "affected",
"version": "19043.1706",
"versionType": "custom"
},
{
"lessThan": "19043.1706",
"status": "affected",
"version": "19044.1706",
"versionType": "custom"
}
]
},
{
"product": "Windows Server Version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19042.1706",
"status": "affected",
"version": "19042.1706",
"versionType": "custom"
},
{
"lessThan": "19043.1706",
"status": "affected",
"version": "19043.1706",
"versionType": "custom"
},
{
"lessThan": "19044.1706",
"status": "affected",
"version": "19044.1706",
"versionType": "custom"
}
]
},
{
"product": "Windows 10 Version 21H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19042.1706",
"status": "affected",
"version": "19042.1706",
"versionType": "custom"
},
{
"lessThan": "19043.1706",
"status": "affected",
"version": "19043.1706",
"versionType": "custom"
},
{
"lessThan": "19044.1706",
"status": "affected",
"version": "19044.1706",
"versionType": "custom"
}
]
},
{
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19042.1706",
"status": "affected",
"version": "19042.1706",
"versionType": "custom"
},
{
"lessThan": "19043.1706",
"status": "affected",
"version": "19043.1706",
"versionType": "custom"
},
{
"lessThan": "19044.1706",
"status": "affected",
"version": "19044.1706",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Spencer McIntyre of Rapid7"
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot."
}
],
"exploits": [
{
"lang": "en",
"value": "Metasploit module: https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T21:40:12.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504"
}
],
"solutions": [
{
"lang": "en",
"value": "This was fixed as a stability issue in the April, 2022 Patch Tuesday set from Microsoft."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SMBv3 FileNormalizedNameInformation NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-06-14T17:00:00.000Z",
"ID": "CVE-2022-32230",
"STATE": "PUBLIC",
"TITLE": "SMBv3 FileNormalizedNameInformation NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Version 20H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19042.1706",
"version_value": "19042.1706"
},
{
"version_affected": "\u003c",
"version_name": "19043.1706",
"version_value": "19043.1706"
},
{
"version_affected": "\u003c",
"version_name": "19044.1706",
"version_value": "19043.1706"
}
]
}
},
{
"product_name": "Windows Server Version 20H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19042.1706",
"version_value": "19042.1706"
},
{
"version_affected": "\u003c",
"version_name": "19043.1706",
"version_value": "19043.1706"
},
{
"version_affected": "\u003c",
"version_name": "19044.1706",
"version_value": "19044.1706"
}
]
}
},
{
"product_name": "Windows 10 Version 21H1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19042.1706",
"version_value": "19042.1706"
},
{
"version_affected": "\u003c",
"version_name": "19043.1706",
"version_value": "19043.1706"
},
{
"version_affected": "\u003c",
"version_name": "19044.1706",
"version_value": "19044.1706"
}
]
}
},
{
"product_name": "Windows 10 Version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19042.1706",
"version_value": "19042.1706"
},
{
"version_affected": "\u003c",
"version_name": "19043.1706",
"version_value": "19043.1706"
},
{
"version_affected": "\u003c",
"version_name": "19044.1706",
"version_value": "19044.1706"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Spencer McIntyre of Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Metasploit module: https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": "7.7",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/"
},
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230",
"refsource": "CONFIRM",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230"
},
{
"name": "https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb",
"refsource": "MISC",
"url": "https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rb"
},
{
"name": "https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504",
"refsource": "MISC",
"url": "https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504"
}
]
},
"solution": [
{
"lang": "en",
"value": "This was fixed as a stability issue in the April, 2022 Patch Tuesday set from Microsoft."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-32230",
"datePublished": "2022-06-14T21:40:12.731Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:08.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3278 (GCVE-0-2022-3278)
Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-22 18:28
VLAI
Title
NULL Pointer Dereference in vim/vim
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
Severity
6.8 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba1… | |
| https://github.com/vim/vim/commit/69082916c8b5d32… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202305-16 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:56:59.284170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:28:37.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.0552",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612"
},
{
"url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e"
},
{
"name": "FEDORA-2022-40161673a3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/"
},
{
"name": "FEDORA-2022-fff548cfab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/"
},
{
"name": "FEDORA-2022-4bc60c32a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"name": "GLSA-202305-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"source": {
"advisory": "a9fad77e-f245-4ce9-ba15-c7d4c86c4612",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3278",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-09-22T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:28:37.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33223 (GCVE-0-2022-33223)
Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI
Title
Null pointer dereference in Modem
Summary
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
9205 LTE Modem
Affected: 9206 LTE Modem Affected: 9207 LTE Modem Affected: MDM8207 Affected: QCA4004 Affected: QTS110 Affected: Snapdragon 1100 Wearable Platform Affected: Snapdragon 1200 Wearable Platform Affected: Snapdragon Wear 1300 Platform Affected: Snapdragon X5 LTE Modem Affected: WCD9306 Affected: WCD9330 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Industrial IOT"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "9205 LTE Modem"
},
{
"status": "affected",
"version": "9206 LTE Modem"
},
{
"status": "affected",
"version": "9207 LTE Modem"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QTS110"
},
{
"status": "affected",
"version": "Snapdragon 1100 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon 1200 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon Wear 1300 Platform"
},
{
"status": "affected",
"version": "Snapdragon X5 LTE Modem"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9330"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:28:46.066Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "Null pointer dereference in Modem"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-33223",
"datePublished": "2023-04-04T04:46:26.078Z",
"dateReserved": "2022-06-14T10:44:39.577Z",
"dateUpdated": "2024-08-03T08:01:20.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33294 (GCVE-0-2022-33294)
Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI
Title
NULL pointer dereference in Modem
Summary
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
9205 LTE Modem
Affected: 9206 LTE Modem Affected: 9207 LTE Modem Affected: MDM8207 Affected: QCA4004 Affected: QTS110 Affected: Snapdragon 1100 Wearable Platform Affected: Snapdragon 1200 Wearable Platform Affected: Snapdragon Wear 1300 Platform Affected: Snapdragon X5 LTE Modem Affected: WCD9306 Affected: WCD9330 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Industrial IOT"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "9205 LTE Modem"
},
{
"status": "affected",
"version": "9206 LTE Modem"
},
{
"status": "affected",
"version": "9207 LTE Modem"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QTS110"
},
{
"status": "affected",
"version": "Snapdragon 1100 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon 1200 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon Wear 1300 Platform"
},
{
"status": "affected",
"version": "Snapdragon X5 LTE Modem"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9330"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:29:28.086Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"title": "NULL pointer dereference in Modem"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-33294",
"datePublished": "2023-04-04T04:46:43.701Z",
"dateReserved": "2022-06-14T10:44:39.611Z",
"dateUpdated": "2024-08-03T08:01:20.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-56
Phase: Implementation
Description:
- For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Phase: Requirements
Description:
- Select a programming language that is not susceptible to these issues.
Mitigation
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Phase: Architecture and Design
Description:
- Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Phase: Implementation
Description:
- Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.