Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-G223-XXPM-2VV4

Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()

If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning.

This will cause a NULL pointer dereference. Fix this bug by adding NULL return check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-g223-xxpm-2vv4",
  "modified": "2025-11-04T00:31:15Z",
  "published": "2024-08-17T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43823"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G22C-3RRR-VFP7

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03
VLAI
Details

realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-24T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.",
  "id": "GHSA-g22c-3rrr-vfp7",
  "modified": "2022-05-14T02:03:26Z",
  "published": "2022-05-14T02:03:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18199"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3246"
    },
    {
      "type": "WEB",
      "url": "https://savannah.gnu.org/bugs/?52264"
    },
    {
      "type": "WEB",
      "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103202"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G23V-56PX-8CQM

Vulnerability from github – Published: 2024-04-19 03:31 – Updated: 2024-04-19 03:31
VLAI
Details

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-19T02:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.",
  "id": "GHSA-g23v-56px-8cqm",
  "modified": "2024-04-19T03:31:03Z",
  "published": "2024-04-19T03:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27978"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G23W-MCM2-H6C5

Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-02-28 01:08
VLAI
Details

xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-0206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-30T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.",
  "id": "GHSA-g23w-mcm2-h6c5",
  "modified": "2024-02-28T01:08:53Z",
  "published": "2022-04-21T01:57:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0206"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2010-0206"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G248-66HQ-4F22

Vulnerability from github – Published: 2024-03-11 18:31 – Updated: 2024-11-06 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs, fscache: Prevent Oops in fscache_put_cache()

This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Check first, then dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-11T18:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences \"cache\" and then checks if it\u0027s\nIS_ERR_OR_NULL().  Check first, then dereference.",
  "id": "GHSA-g248-66hq-4f22",
  "modified": "2024-11-06T18:31:03Z",
  "published": "2024-03-11T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2FC-VV42-P4PC

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup

The ixgbe driver currently generates a NULL pointer dereference with some machine (online cpus < 63). This is due to the fact that the maximum value of num_xdp_queues is nr_cpu_ids. Code is in "ixgbe_set_rss_queues"".

Here's how the problem repeats itself: Some machine (online cpus < 63), And user set num_queues to 63 through ethtool. Code is in the "ixgbe_set_channels", adapter->ring_feature[RING_F_FDIR].limit = count;

It becomes 63.

When user use xdp, "ixgbe_set_rss_queues" will set queues num. adapter->num_rx_queues = rss_i; adapter->num_tx_queues = rss_i; adapter->num_xdp_queues = ixgbe_xdp_queues(adapter);

And rss_i's value is from f = &adapter->ring_feature[RING_F_FDIR]; rss_i = f->indices = f->limit;

So "num_rx_queues" > "num_xdp_queues", when run to "ixgbe_xdp_setup", for (i = 0; i < adapter->num_rx_queues; i++) if (adapter->xdp_ring[i]->xsk_umem)

It leads to panic.

Call trace: [exception RIP: ixgbe_xdp+368] RIP: ffffffffc02a76a0 RSP: ffff9fe16202f8d0 RFLAGS: 00010297 RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 000000000000001c RDI: ffffffffa94ead90 RBP: ffff92f8f24c0c18 R8: 0000000000000000 R9: 0000000000000000 R10: ffff9fe16202f830 R11: 0000000000000000 R12: ffff92f8f24c0000 R13: ffff9fe16202fc01 R14: 000000000000000a R15: ffffffffc02a7530 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 7 [ffff9fe16202f8f0] dev_xdp_install at ffffffffa89fbbcc 8 [ffff9fe16202f920] dev_change_xdp_fd at ffffffffa8a08808 9 [ffff9fe16202f960] do_setlink at ffffffffa8a20235 10 [ffff9fe16202fa88] rtnl_setlink at ffffffffa8a20384 11 [ffff9fe16202fc78] rtnetlink_rcv_msg at ffffffffa8a1a8dd 12 [ffff9fe16202fcf0] netlink_rcv_skb at ffffffffa8a717eb 13 [ffff9fe16202fd40] netlink_unicast at ffffffffa8a70f88 14 [ffff9fe16202fd80] netlink_sendmsg at ffffffffa8a71319 15 [ffff9fe16202fdf0] sock_sendmsg at ffffffffa89df290 16 [ffff9fe16202fe08] __sys_sendto at ffffffffa89e19c8 17 [ffff9fe16202ff30] __x64_sys_sendto at ffffffffa89e1a64 18 [ffff9fe16202ff38] do_syscall_64 at ffffffffa84042b9 19 [ffff9fe16202ff50] entry_SYSCALL_64_after_hwframe at ffffffffa8c0008c

So I fix ixgbe_max_channels so that it will not allow a setting of queues to be higher than the num_online_cpus(). And when run to ixgbe_xdp_setup, take the smaller value of num_rx_queues and num_xdp_queues.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup\n\nThe ixgbe driver currently generates a NULL pointer dereference with\nsome machine (online cpus \u003c 63). This is due to the fact that the\nmaximum value of num_xdp_queues is nr_cpu_ids. Code is in\n\"ixgbe_set_rss_queues\"\".\n\nHere\u0027s how the problem repeats itself:\nSome machine (online cpus \u003c 63), And user set num_queues to 63 through\nethtool. Code is in the \"ixgbe_set_channels\",\n\tadapter-\u003ering_feature[RING_F_FDIR].limit = count;\n\nIt becomes 63.\n\nWhen user use xdp, \"ixgbe_set_rss_queues\" will set queues num.\n\tadapter-\u003enum_rx_queues = rss_i;\n\tadapter-\u003enum_tx_queues = rss_i;\n\tadapter-\u003enum_xdp_queues = ixgbe_xdp_queues(adapter);\n\nAnd rss_i\u0027s value is from\n\tf = \u0026adapter-\u003ering_feature[RING_F_FDIR];\n\trss_i = f-\u003eindices = f-\u003elimit;\n\nSo \"num_rx_queues\" \u003e \"num_xdp_queues\", when run to \"ixgbe_xdp_setup\",\n\tfor (i = 0; i \u003c adapter-\u003enum_rx_queues; i++)\n\t\tif (adapter-\u003exdp_ring[i]-\u003exsk_umem)\n\nIt leads to panic.\n\nCall trace:\n[exception RIP: ixgbe_xdp+368]\nRIP: ffffffffc02a76a0  RSP: ffff9fe16202f8d0  RFLAGS: 00010297\nRAX: 0000000000000000  RBX: 0000000000000020  RCX: 0000000000000000\nRDX: 0000000000000000  RSI: 000000000000001c  RDI: ffffffffa94ead90\nRBP: ffff92f8f24c0c18   R8: 0000000000000000   R9: 0000000000000000\nR10: ffff9fe16202f830  R11: 0000000000000000  R12: ffff92f8f24c0000\nR13: ffff9fe16202fc01  R14: 000000000000000a  R15: ffffffffc02a7530\nORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n 7 [ffff9fe16202f8f0] dev_xdp_install at ffffffffa89fbbcc\n 8 [ffff9fe16202f920] dev_change_xdp_fd at ffffffffa8a08808\n 9 [ffff9fe16202f960] do_setlink at ffffffffa8a20235\n10 [ffff9fe16202fa88] rtnl_setlink at ffffffffa8a20384\n11 [ffff9fe16202fc78] rtnetlink_rcv_msg at ffffffffa8a1a8dd\n12 [ffff9fe16202fcf0] netlink_rcv_skb at ffffffffa8a717eb\n13 [ffff9fe16202fd40] netlink_unicast at ffffffffa8a70f88\n14 [ffff9fe16202fd80] netlink_sendmsg at ffffffffa8a71319\n15 [ffff9fe16202fdf0] sock_sendmsg at ffffffffa89df290\n16 [ffff9fe16202fe08] __sys_sendto at ffffffffa89e19c8\n17 [ffff9fe16202ff30] __x64_sys_sendto at ffffffffa89e1a64\n18 [ffff9fe16202ff38] do_syscall_64 at ffffffffa84042b9\n19 [ffff9fe16202ff50] entry_SYSCALL_64_after_hwframe at ffffffffa8c0008c\n\nSo I fix ixgbe_max_channels so that it will not allow a setting of queues\nto be higher than the num_online_cpus(). And when run to ixgbe_xdp_setup,\ntake the smaller value of num_rx_queues and num_xdp_queues.",
  "id": "GHSA-g2fc-vv42-p4pc",
  "modified": "2024-12-24T18:30:48Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47399"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20f6c4a31a525edd9ea6243712b868ba0e4e331e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2744341dd52e935344ca1b4bf189ba0d182a3e8e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/513e605d7a9ce136886cb42ebb2c40e9a6eb6333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2FG-H3FH-WPJ6

Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer

The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing curr_xfer in the combined sequence transfer loop, protect it with the spinlock to prevent a race with the interrupt handler.

Protect the curr_xfer clearing at the exit path of tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race with the interrupt handler that reads this field.

Without this protection, the IRQ handler could read a partially updated curr_xfer value, leading to NULL pointer dereference or use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-14T17:15:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
  "id": "GHSA-g2fg-h3fh-wpj6",
  "modified": "2026-03-19T18:31:14Z",
  "published": "2026-02-14T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23202"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2MR-F5HM-6X69

Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2024-12-16 18:31
VLAI
Details

A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-g2mr-f5hm-6x69",
  "modified": "2024-12-16T18:31:09Z",
  "published": "2024-12-16T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12657"
    },
    {
      "type": "WEB",
      "url": "https://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E000-NPD-DOS-15160437bb1e8068a470ca1611fd7317"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.288526"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.288526"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.456035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G2RM-3545-J3GR

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-27T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.",
  "id": "GHSA-g2rm-3545-j3gr",
  "modified": "2022-05-13T01:36:55Z",
  "published": "2022-05-13T01:36:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2586"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96708"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2V4-8532-C83R

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31
VLAI
Details

Win32k Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T17:17:02Z",
    "severity": "HIGH"
  },
  "details": "Win32k Elevation of Privilege Vulnerability",
  "id": "GHSA-g2v4-8532-c83r",
  "modified": "2024-05-14T18:31:04Z",
  "published": "2024-05-14T18:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30030"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.