Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-19926

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2019 | 00:53
Updated At-05 Aug, 2024 | 02:32
Rejected At-
Credits

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2019 | 00:53
Updated At:05 Aug, 2024 | 02:32
Rejected At:
▼CVE Numbering Authority (CNA)

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200114-0003/
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
vendor-advisory
x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2020:0514
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
vendor-advisory
x_refsource_SUSE
https://www.debian.org/security/2020/dsa-4638
vendor-advisory
x_refsource_DEBIAN
https://usn.ubuntu.com/4298-1/
vendor-advisory
x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://usn.ubuntu.com/4298-2/
vendor-advisory
x_refsource_UBUNTU
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
x_refsource_CONFIRM
Hyperlink: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20200114-0003/
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0514
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://www.debian.org/security/2020/dsa-4638
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://usn.ubuntu.com/4298-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://usn.ubuntu.com/4298-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20200114-0003/
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://access.redhat.com/errata/RHSA-2020:0514
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://www.debian.org/security/2020/dsa-4638
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://usn.ubuntu.com/4298-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://usn.ubuntu.com/4298-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20200114-0003/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0514
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.debian.org/security/2020/dsa-4638
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://usn.ubuntu.com/4298-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://usn.ubuntu.com/4298-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2019 | 01:15
Updated At:15 Apr, 2022 | 16:17

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
sqlite
sqlite
>>sqlite>>3.30.1
cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinec_infrastructure_network_services>>Versions before 1.0.1.1(exclusive)
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_workbench>>Versions up to 8.0.19(inclusive)
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>backports_sle>>15.0
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
SUSE
suse
>>package_hub>>-
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise>>12.0
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>cloud_backup>>-
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514cve@mitre.org
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfcve@mitre.org
Patch
Third Party Advisory
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089cve@mitre.org
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200114-0003/cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/4298-1/cve@mitre.org
Broken Link
https://usn.ubuntu.com/4298-2/cve@mitre.org
Broken Link
https://www.debian.org/security/2020/dsa-4638cve@mitre.org
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlcve@mitre.org
Patch
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0514
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20200114-0003/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4298-1/
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://usn.ubuntu.com/4298-2/
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://www.debian.org/security/2020/dsa-4638
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3203Records found
CVE-2014-3581
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusenterprise_manager_ops_centerubuntu_linuxenterprise_linux_desktophttp_serverenterprise_linux_server_tuslinuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-1000179
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.41%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 15:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

Action-Not Available
Vendor-quassel-ircn/aDebian GNU/Linux
Product-quasseldebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-1000121
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 84.34%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationCanonical Ltd.Red Hat, Inc.CURL
Product-enterprise_linux_serverubuntu_linuxcommunications_webrtc_session_controllerdebian_linuxpeoplesoft_enterprise_peopletoolsenterprise_linux_workstationcurlenterprise_linux_desktopenterprise_manager_ops_centern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1199
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 00:00
Updated-23 Apr, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Red Hat, Inc.
Product-linux_kernelh500sh410s_firmwareenterprise_linuxactive_iq_unified_managerh300s_firmwareh500s_firmwareh700s_firmwareh410c_firmwareh410sh410ch300sh700sKernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-20024
Matching Score-10
Assigner-Kaspersky
ShareView Details
Matching Score-10
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.60%
||
7 Day CHG~0.00%
Published-19 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.

Action-Not Available
Vendor-libvnc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxlibvncserverdebian_linuxLibVNC
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-1000027
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.73% / 96.80%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxsquidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2002-0401
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.82% / 90.17%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Action-Not Available
Vendor-etherealn/aDebian GNU/Linux
Product-etherealdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-9468
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.39%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9214
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9772
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 84.56%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9923
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.89%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 07:06
Updated-06 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Action-Not Available
Vendor-n/aopenSUSEGNU
Product-leaptarn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9937
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.08% / 88.09%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 07:07
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

Action-Not Available
Vendor-sqliten/a
Product-sqliten/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9776
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 84.56%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39928
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.15%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9771
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.52% / 84.82%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-0490
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.45%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.

Action-Not Available
Vendor-torprojectn/aDebian GNU/Linux
Product-tordebian_linuxTor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9208
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.38% / 88.54%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-8936
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.16% / 91.83%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:37
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP through 4.2.8p12 has a NULL Pointer Dereference.

Action-Not Available
Vendor-ntpn/aopenSUSENetApp, Inc.Fedora ProjectHewlett Packard Enterprise (HPE)
Product-clustered_data_ontapntpdata_ontapfedorahpux-ntpleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-4118
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.90% / 82.48%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEFreeRDP
Product-leapopensusefreerdpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8820
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.33%
||
7 Day CHG~0.00%
Published-03 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

Action-Not Available
Vendor-tor_projectn/aDebian GNU/Linux
Product-tordebian_linuxTor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-2765
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.33% / 88.46%
||
7 Day CHG~0.00%
Published-15 Jul, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Action-Not Available
Vendor-trustwaven/aThe Apache Software FoundationopenSUSE
Product-http_serveropensusemodsecurityn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-39028
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.76%
||
7 Day CHG+0.15%
Published-30 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Action-Not Available
Vendor-netkit-telnet_projectn/aDebian GNU/LinuxGNUMIT (Massachusetts Institute of Technology)
Product-kerberos_5inetutilsnetkit-telnetdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-7655
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 19:20
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

Action-Not Available
Vendor-Debian GNU/LinuxEclipse Foundation AISBL
Product-mosquittodebian_linuxEclipse Mosquitto
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36222
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.58% / 89.92%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:28
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxMIT (Massachusetts Institute of Technology)NetApp, Inc.
Product-debian_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationkerberos_5snapcentermysql_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34798
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.97% / 93.14%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxThe Apache Software FoundationOracle CorporationTenable, Inc.Broadcom Inc.Siemens AGFedora Project
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backuptenable.scstoragegridsinema_serverruggedcom_nmshttp_serverclustered_data_ontapdebian_linuxsinec_nmssinema_remote_connect_serverinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_base_platformbrocade_fabric_operating_system_firmwareApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3469
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.24% / 90.51%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/Linux
Product-gnutlsdebian_linuxenterprise_linux_serverenterprise_linux_server_auslinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_linux_eusenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_desktoplibtasn1virtualizationlinux_enterprise_software_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-5991
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.34% / 95.14%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxmupdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15723
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.28%
||
7 Day CHG~0.00%
Published-22 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14493
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.65%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 16:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.

Action-Not Available
Vendor-opencvn/aDebian GNU/Linux
Product-debian_linuxopencvn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-3730
Matching Score-10
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-10
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-42.31% / 97.35%
||
7 Day CHG-12.78%
Published-04 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bad (EC)DHE parameters cause a client crash

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Action-Not Available
Vendor-OpenSSLOracle Corporation
Product-opensslcommunications_application_session_controllercommunications_operations_monitorcommunications_eagle_lnp_application_processorjd_edwards_world_securityjd_edwards_enterpriseone_toolsagile_engineering_data_managementOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12482
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.03%
||
7 Day CHG~0.00%
Published-30 May, 2019 | 22:40
Updated-14 Mar, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-debian_linuxgpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-5193
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.37%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-41524
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-8.62% / 92.05%
||
7 Day CHG+2.03%
Published-05 Oct, 2021 | 08:40
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
null pointer dereference in h2 fuzzing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Fedora ProjectOracle Corporation
Product-http_serverinstantis_enterprisetrackfedoracloud_backupApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39921
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.76%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6535
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.36%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-04 Aug, 2025 | 05:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linux_for_arm_64_eusenterprise_linux_server_ausenterprise_linuxvirtualization_hostcodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_for_real_time_for_nfvlinux_kernelcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_eusenterprise_linux_for_power_little_endian_euscodeready_linux_builder_for_arm64_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_real_timecodeready_linux_builder_eusRed Hat Enterprise Linux 7RHOL-5.8-RHEL-9Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6536
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.27%
||
7 Day CHG-0.00%
Published-07 Feb, 2024 | 21:05
Updated-04 Aug, 2025 | 05:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linux_for_arm_64_eusenterprise_linux_server_ausenterprise_linuxvirtualization_hostcodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_for_real_time_for_nfvdebian_linuxlinux_kernelcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_eusenterprise_linux_for_power_little_endian_euscodeready_linux_builder_for_arm64_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_real_timecodeready_linux_builder_eusRed Hat Enterprise Linux 7RHOL-5.8-RHEL-9Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6356
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.10%
||
7 Day CHG-0.00%
Published-07 Feb, 2024 | 21:04
Updated-04 Aug, 2025 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_build_iovec

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linux_for_arm_64_eusenterprise_linux_server_ausenterprise_linuxvirtualization_hostcodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_for_real_time_for_nfvdebian_linuxlinux_kernelcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_eusenterprise_linux_for_power_little_endian_euscodeready_linux_builder_for_arm64_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_real_timecodeready_linux_builder_eusRed Hat Enterprise Linux 7RHOL-5.8-RHEL-9Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9779
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 84.56%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-4412
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.26%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:44
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Action-Not Available
Vendor-berliosslimDebian GNU/LinuxGNU
Product-glibcslimdebian_linuxslim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38604
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 15:43
Updated-30 May, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGNU
Product-communications_cloud_native_core_security_edge_protection_proxyenterprise_operations_monitorfedoracommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_network_function_cloud_native_environmentglibccommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2006-2661
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.35% / 92.89%
||
7 Day CHG~0.00%
Published-30 May, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

Action-Not Available
Vendor-freetypen/aDebian GNU/LinuxCanonical Ltd.
Product-freetypedebian_linuxubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-1415
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.59% / 80.88%
||
7 Day CHG~0.00%
Published-03 Mar, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSE
Product-kerberos_5opensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-52696
Matching Score-10
Assigner-kernel.org
ShareView Details
Matching Score-10
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 14:27
Updated-04 May, 2025 | 07:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
powerpc/powernv: Add a null pointer check in opal_powercap_init()

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxLinuxlinux_kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2005-2459
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.31% / 89.65%
||
7 Day CHG~0.00%
Published-22 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-6095
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 19:20
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-gstreamer_projectn/aopenSUSE
Product-gst-rtsp-serverbackports_sleleapGStreamer
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-46838
Matching Score-10
Assigner-Xen Project
ShareView Details
Matching Score-10
Assigner-Xen Project
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 10:18
Updated-02 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux: netback processing of zero-length transmit fragment

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxFedora Project
Product-linux_kerneldebian_linuxfedoraLinux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0079
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-litebluecoatneoterisstonesoftscotarantella4dsecurecomputingn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0458
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 83.57%
||
7 Day CHG~0.00%
Published-19 Aug, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

Action-Not Available
Vendor-nicolas_boullisn/aDebian GNU/Linux
Product-mah-jongdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18189
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 10:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

Action-Not Available
Vendor-n/aSoX - Sound eXchangeDebian GNU/Linux
Product-debian_linuxsound_exchangen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17997
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-30 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 64
  • 65
  • Next
Details not found