CWE-158
AllowedImproper Neutralization of Null Byte or NUL Character
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.
44 vulnerabilities reference this CWE, most recent first.
CVE-2022-20812 (GCVE-0-2022-20812)
Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisory |
| https://tools.cisco.com/security/center/content/C… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco TelePresence Video Communication Server (VCS) Expressway |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH"
},
{
"name": "20221005 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:00:05.599729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:11:48.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-06T00:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH"
},
{
"name": "20221005 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
}
],
"source": {
"advisory": "cisco-sa-expressway-overwrite-3buqW8LH",
"defect": [
[
"CSCwa01080",
"CSCwa01085"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20812",
"datePublished": "2022-07-06T20:30:40.411Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-11-06T16:11:48.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14500 (GCVE-0-2020-14500)
Vulnerability from cvelistv5 – Published: 2020-08-25 13:12 – Updated: 2024-09-17 03:34- CWE-158 - IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Secomea GateManager all versions prior to 9.2c | Secomea GateManager all versions prior to 9.2c |
Affected:
all , < 9.2c
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Secomea GateManager all versions prior to 9.2c",
"vendor": "Secomea GateManager all versions prior to 9.2c",
"versions": [
{
"lessThan": "9.2c",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T13:12:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-28T00:00:00.000Z",
"ID": "CVE-2020-14500",
"STATE": "PUBLIC",
"TITLE": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secomea GateManager all versions prior to 9.2c",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "all",
"version_value": "9.2c"
}
]
}
}
]
},
"vendor_name": "Secomea GateManager all versions prior to 9.2c"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14500",
"datePublished": "2020-08-25T13:12:30.705Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:34:07.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7928 (GCVE-0-2020-7928)
Vulnerability from cvelistv5 – Published: 2020-11-23 16:35 – Updated: 2024-09-17 00:20- CWE-158 - Improper Neutralization of Null Byte or NUL Character
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/SERVER-49404 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server |
Affected:
4.4 , < 4.4.1
(custom)
Affected: 4.2 , < 4.2.9 (custom) Affected: 4.0 , < 4.0.20 (custom) Affected: 3.6 , < 3.6.20 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/SERVER-49404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "4.4",
"versionType": "custom"
},
{
"lessThan": "4.2.9",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "4.0.20",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "3.6.20",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20.\u003c/p\u003e"
}
],
"value": "A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T15:46:18.372Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/SERVER-49404"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Improper neutralization of null byte leads to read overrun",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2020-11-23T17:20:00.000Z",
"ID": "CVE-2020-7928",
"STATE": "PUBLIC",
"TITLE": "Improper neutralization of null byte leads to read overrun"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4",
"version_value": "4.4.1"
},
{
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.9"
},
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.20"
},
{
"version_affected": "\u003c",
"version_name": "3.6",
"version_value": "3.6.20"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-158: Improper Neutralization of Null Byte or NUL Character"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/SERVER-49404",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/SERVER-49404"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2020-7928",
"datePublished": "2020-11-23T16:35:12.958Z",
"dateReserved": "2020-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:20:37.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5363 (GCVE-0-2020-5363)
Vulnerability from cvelistv5 – Published: 2020-06-10 20:40 – Updated: 2024-09-16 20:53- CWE-158 - Improper Neutralization of Null Byte or NUL Character
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/SLN321604 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Client Consumer and Commercial platforms |
Affected:
https://www.dell.com/support/article/SLN321604
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/SLN321604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Client Consumer and Commercial platforms",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "https://www.dell.com/support/article/SLN321604"
}
]
}
],
"datePublic": "2020-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell\u0027s manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T20:40:13.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/SLN321604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-06-02",
"ID": "CVE-2020-5363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Client Consumer and Commercial platforms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "https://www.dell.com/support/article/SLN321604"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell\u0027s manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.6,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-158: Improper Neutralization of Null Byte or NUL Character"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/SLN321604",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN321604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5363",
"datePublished": "2020-06-10T20:40:13.376Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:53:09.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2GXG-PVM2-2P6X
Vulnerability from github – Published: 2025-09-29 12:30 – Updated: 2025-09-29 12:30A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests.
This issue was fixed in commit 782e189. This issue affects only the library, standalone executable pre-built by vendor is not affected.
{
"affected": [],
"aliases": [
"CVE-2025-9648"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-29T12:15:49Z",
"severity": "HIGH"
},
"details": "A vulnerability in the CivetWeb library\u0027s function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests.\n\nThis issue was fixed in commit 782e189. This issue affects only the library, standalone executable pre-built by vendor is not affected.",
"id": "GHSA-2gxg-pvm2-2p6x",
"modified": "2025-09-29T12:30:27Z",
"published": "2025-09-29T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9648"
},
{
"type": "WEB",
"url": "https://github.com/civetweb/civetweb/issues/1348"
},
{
"type": "WEB",
"url": "https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/09/CVE-2025-9648"
},
{
"type": "WEB",
"url": "https://github.com/civetweb/civetweb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3548-98V9-6PQ6
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
{
"affected": [],
"aliases": [
"CVE-2026-4359"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T20:16:15Z",
"severity": "LOW"
},
"details": "A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.",
"id": "GHSA-3548-98v9-6pq6",
"modified": "2026-03-17T21:31:46Z",
"published": "2026-03-17T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4359"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/CDRIVER-6251"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5MWC-RP6J-MW6R
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 18:31A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
{
"affected": [],
"aliases": [
"CVE-2020-7928"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.",
"id": "GHSA-5mwc-rp6j-mw6r",
"modified": "2024-01-23T18:31:08Z",
"published": "2022-05-24T17:34:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7928"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-49404"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7346-P858-4R4C
Vulnerability from github – Published: 2023-11-06 21:31 – Updated: 2023-11-06 21:31The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-5719"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T20:15:07Z",
"severity": "HIGH"
},
"details": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n",
"id": "GHSA-7346-p858-4r4c",
"modified": "2023-11-06T21:31:08Z",
"published": "2023-11-06T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5719"
},
{
"type": "WEB",
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75GP-7GP7-RQPF
Vulnerability from github – Published: 2026-05-01 18:31 – Updated: 2026-05-01 18:31An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.
{
"affected": [],
"aliases": [
"CVE-2026-23863"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T16:16:29Z",
"severity": "MODERATE"
},
"details": "An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.",
"id": "GHSA-75gp-7gp7-rqpf",
"modified": "2026-05-01T18:31:24Z",
"published": "2026-05-01T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23863"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2026-23863"
},
{
"type": "WEB",
"url": "https://www.whatsapp.com/security/advisories/2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8GMF-R74V-362P
Vulnerability from github – Published: 2025-10-06 21:30 – Updated: 2026-07-14 15:31ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
{
"affected": [],
"aliases": [
"CVE-2025-61985"
],
"database_specific": {
"cwe_ids": [
"CWE-158"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T19:15:36Z",
"severity": "LOW"
},
"details": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
"id": "GHSA-8gmf-r74v-362p",
"modified": "2026-07-14T15:31:27Z",
"published": "2025-10-06T21:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"type": "WEB",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
CAPEC-52: Embedding NULL Bytes
An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
CAPEC-53: Postfix, Null Terminate, and Backslash
If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an adversary to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.