Common Weakness Enumeration

CWE-690

Discouraged

Unchecked Return Value to NULL Pointer Dereference

Abstraction: Compound · Status: Draft

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

53 vulnerabilities reference this CWE, most recent first.

GHSA-RJG6-J4Q2-2V5V

Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::ActionList::unpack10.

This issue affects libfluid: 0.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T14:15:19Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::ActionList::unpack10.\n\nThis issue affects libfluid: 0.1.0.",
  "id": "GHSA-rjg6-j4q2-2v5v",
  "modified": "2024-09-20T21:31:39Z",
  "published": "2024-09-18T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31196"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV5G-P7P6-MPXP

Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2024-09-20 21:31
VLAI
Details

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack.

This issue affects libfluid: 0.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T14:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::SetFieldAction::unpack.\n\nThis issue affects libfluid: 0.1.0.",
  "id": "GHSA-rv5g-p7p6-mpxp",
  "modified": "2024-09-20T21:31:38Z",
  "published": "2024-09-18T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31165"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31165"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFMV-3FMR-WR8P

Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2024-07-08 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: check for null after calling kmemdup

kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1].

[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T19:15:47Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: check for null after calling kmemdup\n\nkmemdup can return a null pointer so need to check for it, otherwise\nthe null key will be dereferenced later in tipc_crypto_key_xmit as\ncan be seen in the trace [1].\n\n\n[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58",
  "id": "GHSA-vfmv-3fmr-wr8p",
  "modified": "2024-07-08T15:31:54Z",
  "published": "2024-04-10T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47186"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.