CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-2Q53-R2C4-59VP
Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-03-13 18:32A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
{
"affected": [],
"aliases": [
"CVE-2025-2284"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T17:15:39Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the \"GetWebLoginCredentials\" function in \"Sante PACS Server.exe\".",
"id": "GHSA-2q53-r2c4-59vp",
"modified": "2025-03-13T18:32:23Z",
"published": "2025-03-13T18:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2284"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2025-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VG6-3MR6-W5MP
Vulnerability from github – Published: 2022-05-02 03:24 – Updated: 2022-05-02 03:24lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
{
"affected": [],
"aliases": [
"CVE-2009-1415"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-04-30T20:30:00Z",
"severity": "MODERATE"
},
"details": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.",
"id": "GHSA-2vg6-3mr6-w5mp",
"modified": "2022-05-02T03:24:54Z",
"published": "2022-05-02T03:24:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1415"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515"
},
{
"type": "WEB",
"url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34842"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35211"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200905-04.xml"
},
{
"type": "WEB",
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34783"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1022157"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1218"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2WMC-XMV6-FHJQ
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-05-14 18:30NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
{
"affected": [],
"aliases": [
"CVE-2024-32998"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:37:25Z",
"severity": "MODERATE"
},
"details": "NULL pointer access vulnerability in the clock module\nImpact: Successful exploitation of this vulnerability will affect availability.",
"id": "GHSA-2wmc-xmv6-fhjq",
"modified": "2024-05-14T18:30:48Z",
"published": "2024-05-14T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32998"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/5"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2X3C-49J5-46PJ
Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
{
"affected": [],
"aliases": [
"CVE-2026-6870"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T07:16:41Z",
"severity": "MODERATE"
},
"details": "GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
"id": "GHSA-2x3c-49j5-46pj",
"modified": "2026-04-30T09:30:25Z",
"published": "2026-04-30T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6870"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21189"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-43.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2XPJ-F5G2-8P7M
Vulnerability from github – Published: 2021-04-20 16:30 – Updated: 2024-09-12 21:06asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "asyncpg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-17446"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-14T21:35:20Z",
"nvd_published_at": "2020-08-12T16:15:00Z",
"severity": "CRITICAL"
},
"details": "asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.",
"id": "GHSA-2xpj-f5g2-8p7m",
"modified": "2024-09-12T21:06:18Z",
"published": "2021-04-20T16:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17446"
},
{
"type": "WEB",
"url": "https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0"
},
{
"type": "PACKAGE",
"url": "https://github.com/MagicStack/asyncpg"
},
{
"type": "WEB",
"url": "https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2xpj-f5g2-8p7m"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/asyncpg/PYSEC-2020-24.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer"
}
GHSA-323H-XV5H-R9J9
Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-16 00:00Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-34228"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-15T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-323h-xv5h-r9j9",
"modified": "2022-07-16T00:00:29Z",
"published": "2022-07-16T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34228"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-32.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3325-4GJP-WGF5
Vulnerability from github – Published: 2025-12-11 21:31 – Updated: 2026-06-04 21:31In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-66588"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-11T21:15:57Z",
"severity": "HIGH"
},
"details": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.",
"id": "GHSA-3325-4gjp-wgf5",
"modified": "2026-06-04T21:31:18Z",
"published": "2025-12-11T21:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66588"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-03.json"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-34VX-JR58-Q9X4
Vulnerability from github – Published: 2022-05-14 03:40 – Updated: 2022-05-14 03:40A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
{
"affected": [],
"aliases": [
"CVE-2017-12561"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T22:29:00Z",
"severity": "CRITICAL"
},
"details": "A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.",
"id": "GHSA-34vx-jr58-q9x4",
"modified": "2022-05-14T03:40:11Z",
"published": "2022-05-14T03:40:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12561"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37HV-5W7W-HHJW
Vulnerability from github – Published: 2022-02-25 00:00 – Updated: 2022-03-19 00:01A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-3608"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-24T19:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-37hv-5w7w-hhjw",
"modified": "2022-03-19T00:01:43Z",
"published": "2022-02-25T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3608"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220318-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-38JP-8R92-CQG4
Vulnerability from github – Published: 2024-11-10 21:30 – Updated: 2025-11-04 00:32An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2024-46951"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-10T21:15:14Z",
"severity": "HIGH"
},
"details": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.",
"id": "GHSA-38jp-8r92-cqg4",
"modified": "2025-11-04T00:32:01Z",
"published": "2024-11-10T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46951"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707991"
},
{
"type": "WEB",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8"
},
{
"type": "WEB",
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
},
{
"type": "WEB",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.