Common Weakness Enumeration

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CVE-2026-47271 (GCVE-0-2026-47271)

Vulnerability from cvelistv5 – Published: 2026-05-27 20:08 – Updated: 2026-05-28 13:38
Title
pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash
Summary
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is defined at build time. NDEBUG is commonly defined in release and packaging builds (Debian, Fedora, Arch package flags all define it via -DNDEBUG in CFLAGS). With the guard removed, xmalloc/xrealloc/xstrdup silently return NULL on allocation failure. Every caller in the codebase dereferences the return value without a NULL check -- this is the intended design, as the guard was supposed to abort before the dereference. With the guard gone, any allocation failure causes a NULL pointer dereference, crashing the PAM module. A crash in a PAM module loaded by sudo or login causes authentication to fail for the duration of the crash, creating a local denial-of-service condition. An attacker who can induce memory pressure at authentication time can lock all users out of sudo and login. This vulnerability is fixed in 0.9.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Impacted products
Vendor Product Version
mcdope pam_usb Affected: < 0.9.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T13:38:36.351091Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T13:38:47.997Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pam_usb",
          "vendor": "mcdope",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is defined at build time. NDEBUG is commonly defined in release and packaging builds (Debian, Fedora, Arch package flags all define it via -DNDEBUG in CFLAGS). With the guard removed, xmalloc/xrealloc/xstrdup silently return NULL on allocation failure. Every caller in the codebase dereferences the return value without a NULL check -- this is the intended design, as the guard was supposed to abort before the dereference. With the guard gone, any allocation failure causes a NULL pointer dereference, crashing the PAM module. A crash in a PAM module loaded by sudo or login causes authentication to fail for the duration of the crash, creating a local denial-of-service condition. An attacker who can induce memory pressure at authentication time can lock all users out of sudo and login. This vulnerability is fixed in 0.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T20:08:02.552Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-7rvx-jcc6-7hqq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-7rvx-jcc6-7hqq"
        },
        {
          "name": "https://github.com/mcdope/pam_usb/commit/d003e551b794a9e3774ff4720830fb7aadaa48bd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mcdope/pam_usb/commit/d003e551b794a9e3774ff4720830fb7aadaa48bd"
        }
      ],
      "source": {
        "advisory": "GHSA-7rvx-jcc6-7hqq",
        "discovery": "UNKNOWN"
      },
      "title": "pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-47271",
    "datePublished": "2026-05-27T20:08:02.552Z",
    "dateReserved": "2026-05-18T23:03:37.229Z",
    "dateUpdated": "2026-05-28T13:38:47.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47307 (GCVE-0-2026-47307)

Vulnerability from cvelistv5 – Published: 2026-05-19 02:51 – Updated: 2026-05-19 12:44
Summary
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Impacted products
Vendor Product Version
Samsung Open Source Walrus Affected: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9
Credits
Sebastián Alba Vives

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47307",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T12:44:44.127057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T12:44:58.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Walrus",
          "vendor": "Samsung Open Source",
          "versions": [
            {
              "status": "affected",
              "version": "f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sebasti\u00e1n Alba Vives"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.\u003cp\u003eThis issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.\u003c/p\u003e"
            }
          ],
          "value": "NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.\n\nThis issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-230",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-230 Serialized Data with Nested Payloads"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T02:51:55.651Z",
        "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "shortName": "samsung.tv_appliance"
      },
      "references": [
        {
          "url": "https://github.com/Samsung/walrus/pull/409"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
    "assignerShortName": "samsung.tv_appliance",
    "cveId": "CVE-2026-47307",
    "datePublished": "2026-05-19T02:51:55.651Z",
    "dateReserved": "2026-05-19T02:40:40.159Z",
    "dateUpdated": "2026-05-19T12:44:58.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47308 (GCVE-0-2026-47308)

Vulnerability from cvelistv5 – Published: 2026-05-19 04:17 – Updated: 2026-05-19 12:38
Summary
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Impacted products
Vendor Product Version
Samsung Open Source Walrus Affected: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9
Credits
Sebastián Alba Vives

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47308",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T12:38:22.718886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T12:38:34.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Walrus",
          "vendor": "Samsung Open Source",
          "versions": [
            {
              "status": "affected",
              "version": "f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sebasti\u00e1n Alba Vives"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.\u003cp\u003eThis issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.\u003c/p\u003e"
            }
          ],
          "value": "NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.\n\nThis issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129 Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T04:17:49.970Z",
        "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "shortName": "samsung.tv_appliance"
      },
      "references": [
        {
          "url": "https://github.com/Samsung/walrus/pull/409"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
    "assignerShortName": "samsung.tv_appliance",
    "cveId": "CVE-2026-47308",
    "datePublished": "2026-05-19T04:17:49.970Z",
    "dateReserved": "2026-05-19T02:40:40.159Z",
    "dateUpdated": "2026-05-19T12:38:34.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47327 (GCVE-0-2026-47327)

Vulnerability from cvelistv5 – Published: 2026-05-28 18:27 – Updated: 2026-05-28 19:25
Title
NULL pointer dereference in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Impacted products
Vendor Product Version
Canonical Ubuntu Linux Affected: 6.8.0 , < 6.8.0-124.124 (dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg)
Affected: 7.0.0 , < 7.0.0-22.22 (dpkg)
Credits
Tristan Madani (@TristanInSec), Talence Security

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T19:20:39.267467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T19:25:26.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://launchpad.net/ubuntu/+source/",
          "defaultStatus": "unaffected",
          "modules": [
            "AppArmor"
          ],
          "packageName": "linux",
          "product": "Ubuntu Linux",
          "repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "6.8.0-124.124",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "6.17.0-35.35",
              "status": "affected",
              "version": "6.17.0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "7.0.0-22.22",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "dpkg"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani (@TristanInSec), Talence Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T18:27:20.987Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NULL pointer dereference in Ubuntu Linux AppArmor notification handling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-47327",
    "datePublished": "2026-05-28T18:27:20.987Z",
    "dateReserved": "2026-05-19T10:37:36.433Z",
    "dateUpdated": "2026-05-28T19:25:26.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47335 (GCVE-0-2026-47335)

Vulnerability from cvelistv5 – Published: 2026-05-28 18:28 – Updated: 2026-05-28 19:23
Title
NULL pointer dereference in Ubuntu Linux AppArmor notification handling
Summary
Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Impacted products
Vendor Product Version
Canonical Ubuntu Linux Affected: 6.8.0 , < 6.8.0-124.124 (dpkg)
Credits
Tristan Madani (@TristanInSec), Talence Security

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T19:21:08.045629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T19:23:36.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://launchpad.net/ubuntu/+source/",
          "defaultStatus": "unaffected",
          "modules": [
            "AppArmor"
          ],
          "packageName": "linux",
          "product": "Ubuntu Linux",
          "repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "6.8.0-124.124",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "dpkg"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani (@TristanInSec), Talence Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T18:28:49.870Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=406571d530ccdbae6119fe64ce9cf5c74160f20b"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NULL pointer dereference in Ubuntu Linux AppArmor notification handling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-47335",
    "datePublished": "2026-05-28T18:28:49.870Z",
    "dateReserved": "2026-05-19T10:37:36.434Z",
    "dateUpdated": "2026-05-28T19:23:36.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47337 (GCVE-0-2026-47337)

Vulnerability from cvelistv5 – Published: 2026-05-28 18:29 – Updated: 2026-05-28 19:23
Title
NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation
Summary
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Impacted products
Vendor Product Version
Canonical Ubuntu Linux Affected: 6.8.0 , < 6.8.0-124.124 (dpkg)
Affected: 6.17.0 , < 6.17.0-35.35 (dpkg)
Affected: 7.0.0 , < 7.0.0-22.22 (dpkg)
Credits
Tristan Madani (@TristanInSec), Talence Security
Trevor Lawrence, _SiCk, afflicted.sh

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T19:21:23.610809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T19:23:08.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://launchpad.net/ubuntu/+source/",
          "defaultStatus": "unaffected",
          "modules": [
            "AppArmor"
          ],
          "packageName": "linux",
          "product": "Ubuntu Linux",
          "repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "6.8.0-124.124",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "6.17.0-35.35",
              "status": "affected",
              "version": "6.17.0",
              "versionType": "dpkg"
            },
            {
              "lessThan": "7.0.0-22.22",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "dpkg"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani (@TristanInSec), Talence Security"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Trevor Lawrence, _SiCk, afflicted.sh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T18:29:20.805Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9f03f0012a2367efae1edb4798f1c5103aeb6cbc"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-47337",
    "datePublished": "2026-05-28T18:29:20.805Z",
    "dateReserved": "2026-05-19T10:37:36.434Z",
    "dateUpdated": "2026-05-28T19:23:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4743 (GCVE-0-2026-4743)

Vulnerability from cvelistv5 – Published: 2026-03-24 03:25 – Updated: 2026-03-24 14:33
Title
Null-Pointer Dereference Vulnerability in taurusxin/ncmdump
Summary
NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Impacted products
Vendor Product Version
taurusxin ncmdump Affected: 0 , < 1.4.0 (git)
Credits
TITAN Team (titancaproject@gmail.com)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T14:33:09.110911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T14:33:16.182Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/taurusxin/ncmdump",
          "defaultStatus": "affected",
          "modules": [
            "\u200esrc/utils\u200e"
          ],
          "product": "ncmdump",
          "programFiles": [
            "cJSON.cpp\u200e"
          ],
          "vendor": "taurusxin",
          "versions": [
            {
              "lessThan": "1.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "TITAN Team (titancaproject@gmail.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules).\u003cp\u003e This vulnerability is associated with program files cJSON.Cpp\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects ncmdump: before 1.4.0.\u003c/p\u003e"
            }
          ],
          "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules). This vulnerability is associated with program files cJSON.Cpp\u200e.\n\nThis issue affects ncmdump: before 1.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T03:25:07.207Z",
        "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "shortName": "GovTech CSG"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/taurusxin/ncmdump/pull/52"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Null-Pointer Dereference Vulnerability in taurusxin/ncmdump",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
    "assignerShortName": "GovTech CSG",
    "cveId": "CVE-2026-4743",
    "datePublished": "2026-03-24T03:25:07.207Z",
    "dateReserved": "2026-03-24T03:24:40.510Z",
    "dateUpdated": "2026-03-24T14:33:16.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4751 (GCVE-0-2026-4751)

Vulnerability from cvelistv5 – Published: 2026-03-24 05:37 – Updated: 2026-03-24 14:29
Title
NULL Pointer Dereference in tmate-io tmate
Summary
NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Impacted products
Vendor Product Version
tmate-io tmate Affected: 0 , < 2.4.0 (git)
Credits
TITAN Team (titancaproject@gmail.com)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T14:28:52.686331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T14:29:05.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/tmate-io/tmate",
          "defaultStatus": "affected",
          "product": "tmate",
          "vendor": "tmate-io",
          "versions": [
            {
              "lessThan": "2.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "TITAN Team (titancaproject@gmail.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.\u003cp\u003eThis issue affects tmate: before 2.4.0.\u003c/p\u003e"
            }
          ],
          "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T05:37:44.416Z",
        "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "shortName": "GovTech CSG"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/tmate-io/tmate/pull/328"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL Pointer Dereference in tmate-io tmate",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
    "assignerShortName": "GovTech CSG",
    "cveId": "CVE-2026-4751",
    "datePublished": "2026-03-24T05:37:44.416Z",
    "dateReserved": "2026-03-24T05:37:21.386Z",
    "dateUpdated": "2026-03-24T14:29:05.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48066 (GCVE-0-2026-48066)

Vulnerability from cvelistv5 – Published: 2026-05-27 19:57 – Updated: 2026-05-28 12:54
Title
pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication
Summary
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data race when the PAM stack is invoked concurrently from multiple threads. This vulnerability is fixed in 0.9.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-476 - NULL Pointer Dereference
Impacted products
Vendor Product Version
mcdope pam_usb Affected: < 0.9.1

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48066",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T12:54:24.115213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T12:54:38.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pam_usb",
          "vendor": "mcdope",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data race when the PAM stack is invoked concurrently from multiple threads. This vulnerability is fixed in 0.9.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T19:59:06.293Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-qg76-57wq-mpv6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-qg76-57wq-mpv6"
        },
        {
          "name": "https://github.com/mcdope/pam_usb/issues/350",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mcdope/pam_usb/issues/350"
        },
        {
          "name": "https://github.com/mcdope/pam_usb/issues/55",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mcdope/pam_usb/issues/55"
        }
      ],
      "source": {
        "advisory": "GHSA-qg76-57wq-mpv6",
        "discovery": "UNKNOWN"
      },
      "title": "pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48066",
    "datePublished": "2026-05-27T19:57:42.557Z",
    "dateReserved": "2026-05-20T18:25:25.707Z",
    "dateUpdated": "2026-05-28T12:54:38.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48139 (GCVE-0-2026-48139)

Vulnerability from cvelistv5 – Published: 2026-06-19 13:22 – Updated: 2026-06-22 17:31
Title
NULL pointer dereference vulnerability in NI grpc-device data moniker service
Summary
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL pointer dereference
Assigner
NI
Impacted products
Vendor Product Version
NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
Credits
Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T17:31:14.124099Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T17:31:28.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "grpc-device",
          "vendor": "NI",
          "versions": [
            {
              "lessThanOrEqual": "2.17.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "InstrumentStudio",
          "vendor": "NI",
          "versions": [
            {
              "lessThanOrEqual": "26.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.17.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "26.3.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u0026nbsp; Successful exploitation requires an attacker to provide an unknown\u0026nbsp;value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions. \u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u00a0 Successful exploitation requires an attacker to provide an unknown\u00a0value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129 Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL pointer dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T13:22:32.462Z",
        "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "shortName": "NI"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-7vg9-5c74-289x"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL pointer dereference vulnerability in NI grpc-device data moniker service",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
    "assignerShortName": "NI",
    "cveId": "CVE-2026-48139",
    "datePublished": "2026-06-19T13:22:32.462Z",
    "dateReserved": "2026-05-20T19:51:56.935Z",
    "dateUpdated": "2026-06-22T17:31:28.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-56

Phase: Implementation

Description:

  • For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation

Phase: Requirements

Description:

  • Select a programming language that is not susceptible to these issues.

Mitigation

Phase: Implementation

Description:

  • Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation

Phase: Architecture and Design

Description:

  • Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation

Phase: Implementation

Description:

  • Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.
