Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-38786

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Jan, 2022 | 11:53
Updated At-04 Aug, 2024 | 01:51
Rejected At-
Credits

There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of service).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Jan, 2022 | 11:53
Updated At:04 Aug, 2024 | 01:51
Rejected At:
▼CVE Numbering Authority (CNA)

There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of service).

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.allwinnertech.com/index.php?c=product&a=index&id=92
x_refsource_MISC
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
x_refsource_MISC
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173
x_refsource_MISC
https://vul.wangan.com/a/CNVD-2021-49173
x_refsource_MISC
Hyperlink: https://www.allwinnertech.com/index.php?c=product&a=index&id=92
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
Resource:
x_refsource_MISC
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173
Resource:
x_refsource_MISC
Hyperlink: https://vul.wangan.com/a/CNVD-2021-49173
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.allwinnertech.com/index.php?c=product&a=index&id=92
x_refsource_MISC
x_transferred
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
x_refsource_MISC
x_transferred
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173
x_refsource_MISC
x_transferred
https://vul.wangan.com/a/CNVD-2021-49173
x_refsource_MISC
x_transferred
Hyperlink: https://www.allwinnertech.com/index.php?c=product&a=index&id=92
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://vul.wangan.com/a/CNVD-2021-49173
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Jan, 2022 | 12:15
Updated At:26 Jan, 2022 | 17:32

There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of service).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
allwinnertech
allwinnertech
>>r818>>*
cpe:2.3:h:allwinnertech:r818:*:*:*:*:*:*:*:*
allwinnertech
allwinnertech
>>android_q_sdk>>1.0
cpe:2.3:a:allwinnertech:android_q_sdk:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.mdcve@mitre.org
Broken Link
Third Party Advisory
https://vul.wangan.com/a/CNVD-2021-49173cve@mitre.org
Third Party Advisory
https://www.allwinnertech.com/index.php?c=product&a=index&id=92cve@mitre.org
Product
Vendor Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173cve@mitre.org
Third Party Advisory
Hyperlink: https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AMedia%20vdecoder%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://vul.wangan.com/a/CNVD-2021-49173
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.allwinnertech.com/index.php?c=product&a=index&id=92
Source: cve@mitre.org
Resource:
Product
Vendor Advisory
Hyperlink: https://www.cnvd.org.cn/flaw/show/CNVD-2021-49173
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

920Records found
CVE-2019-9430
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.50%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-11185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.79%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 17:00
Updated-04 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9208
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.24% / 88.55%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.47%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-10790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.83%
||
7 Day CHG~0.00%
Published-02 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aGNU
Product-libtasn1n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-11113
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-08 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Action-Not Available
Vendor-n/aGNU
Product-ncursesn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24847
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.33%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer Dereference in Modem

Transient DOS in Modem while allocating DSM items.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresnapdragon_x20_lte_modemsd865_5gsnapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwaresm7250-absnapdragon_x50_5g_modem-rf_systemwcd9340_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426sc8180x-abfastconnect_6700qcn5124_firmwaresm7325-ae_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwareqcn7606_firmwareipq8078a_firmwarewcd9341snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresm8150-acfsm10055sd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm7150-acsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwareqcn9000sm7250-aa_firmwaresnapdragon_695_5g_mobile_platform_firmwaresc8180xp-acvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformipq8074a_firmwareipq8076awcd9360snapdragon_8_gen_1_mobile_platform_firmwaresa6155psm7150-ac_firmwareqca6564au_firmwareqca8075sa6155p_firmwaresd835qca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070sc8180x-afsnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8250-ac_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformqca6574asm7325-aeqca6174awcd9340snapdragon_630_mobile_platform_firmwareqcm2290qdu1210sm6150-acsc8180xp-aa_firmwareqcn5154_firmwaresm8150-ac_firmwaresm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988qcn5122_firmwarepmp8074qcn9024snapdragon_460_mobile_platform_firmwareqca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsdx57msc8180xp-ac_firmwareqcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareipq8071awcn3950_firmwaresnapdragon_8_gen_1_mobile_platformsc7180-acfastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460wcd9360_firmwareqdx1011smart_audio_400_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_750g_5g_mobile_platformqcn9072sm7150-aaqcn6224_firmwareqca6431sd660_firmwaresdx57m_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320qca4024_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareipq8070qcn9074wsa8815_firmwaresm8250-abqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173sm8350-ac_firmwaresm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresd_675_firmwaresnapdragon_720g_mobile_platformqca9984ipq5010_firmwareqcn9022_firmwaresm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresm7150-aa_firmwaresnapdragon_845_mobile_platform_firmwaresd888fsm10055_firmwareqru1062_firmwaresd460_firmwaresnapdragon_4_gen_2_mobile_platformqru1062qca6310_firmwarefastconnect_6800sm8250-acwcd9371fastconnect_6900_firmwaresc8180xp-aasnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformvideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqcn7605_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresc8180xp-abqcn5024snapdragon_690_5g_mobile_platformqca6430qdx1011_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfsm7250-ab_firmwareqru1052csra6640_firmwareqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqdu1010_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qca9377qcm4325_firmwareqcm4290_firmwareqca9888_firmwareqca9889qcn5024_firmwareipq5010smart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqru1052_firmwaresnapdragon_670_mobile_platformcsra6620_firmwaresc8180xp-af_firmwareqcs8550sd865_5g_firmwarepmp8074_firmwaresc7180-ad_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsm4350-ac_firmwarecsr8811sc7180-ac_firmwaresm7250-ac_firmwareqdx1010qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120qcn9000_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareipq8076wcn6740_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqdu1110snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640sc8180x-af_firmwareqcn9100_firmwareqcn5122sd730qcn6024_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwarec-v2x_9150qcc710snapdragon_850_mobile_compute_platformsxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900qru1032_firmwareqcn5052qfw7114315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemsa8155_firmwaresm7150-abqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490sc7180-adsc8180xp-afmdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010wcd9326_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwarewcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqdu1110_firmwareqdu1000sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareipq8076a_firmwaresd675_firmwareqca6430_firmwaresc8180x-aaqcn9024_firmwarewsa8845hsa6150psm7250-aawcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqsm6250sm7250-acsc8180x-aa_firmwaresd670sa8145p_firmwaresa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareipq8078qcs6490snapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwaresnapdragon_675_mobile_platform_firmwareqcn5022_firmwaresm8250-ab_firmwareqca6564ausc8180xp-adsm6250p_firmwareimmersive_home_214_platform_firmwaresm7325-af_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888snapdragon_680_4g_mobile_platformsd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformqru1032robotics_rb3_platform_firmwaresnapdragon_xr2_5g_platformqcs6125snapdragon_7c\+_gen_3_computesnapdragon_670_mobile_platform_firmwaresd_455sm6250_firmwaresc8180x-ad_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwareqca6320_firmwaresw5100_firmwarewcn6740sm6225-ad_firmwareqfw7114_firmwareqca4024fastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380sa6145p_firmwaresa6155_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6225-adsd662_firmwaresm4350-acipq6010sw5100aqt1000c-v2x_9150_firmwaresd855sc8180x-ab_firmwarewcn3990_firmwaresm7315qca6564a_firmwarewcd9385sc8180xp-ab_firmwaresd662qcs4290sg8275psm6250psdx55_firmwareipq8071a_firmwaresxr2130ipq6028qcm4490snapdragon_636_mobile_platformqcn9100sm7150-ab_firmwareqca6174a_firmwaresm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwaresm6150-ac_firmwareqcn5152_firmwaresc8180x-acqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresc8180x-ac_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150pqcn5124qcn5152vision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwareipq8074aimmersive_home_318_platformsd675wcd9375_firmwareqca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragonqcn5024_firmwareqca9377_firmwaresnapdragon_850_mobile_compute_platform_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresm6250p_firmwaresa8145p_firmware315_5g_iot_modem_firmwareqcs2290_firmwaresnapdragon_x24_lte_modem_firmwaresg8275p_firmwareipq8173_firmwareqca6431_firmwarewcd9360_firmwarefsm10055_firmwareqcn6224_firmwareqca4024_firmwaresnapdragon_x20_lte_modem_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwarequalcomm_video_collaboration_vc3_platform_firmwaresd_8cx_firmwarewcd9371_firmwarewcd9385_firmwareqcn6024_firmwarewcd9326_firmwareimmersive_home_316_platform_firmwaresnapdragon_660_mobile_platform_firmwareqcn5124_firmwaresd460_firmwaresm7315_firmwareqca6320_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwaresnapdragon_835_mobile_pc_platform_firmwareqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwarewsa8845h_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8070_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwaresmart_audio_400_platform_firmwaresnapdragon_x70_modem-rf_system_firmwarewsa8840_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqcs8550_firmwaresd662_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqru1062_firmwaresa6145p_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9395_firmwareqdu1000_firmwareqca6698aq_firmwareqca6174a_firmwareipq8071a_firmwaremdm9250_firmwareqcs4290_firmwareqca9888_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwareqcn5154_firmwaresnapdragon_665_mobile_platform_firmwareqru1052_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresm6250_firmwareqcc710_firmwareqcn9100_firmwaresnapdragon_712_mobile_platform_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_636_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcn7606_firmwaresxr1120_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareipq8076a_firmwareqdu1010_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwareqdu1110_firmwarecsr8811_firmwareqcn5054_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca8072_firmwareqca6430_firmwareqcn5052_firmwareqcn9012_firmwareqfw7114_firmwareipq8070a_firmwarewcd9335_firmwareqca6335_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwarepmp8074_firmwaresdx57m_firmwareqru1032_firmwaresnapdragon_630_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8845_firmwareqca6426_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn6274_firmwareqcs4490_firmwarear8031_firmwarecsrb31024_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareipq6028_firmwareipq8072a_firmwareqca9889_firmwaresa8155p_firmwareqdx1011_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcn7605_firmwareqdx1010_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresd835_firmwareipq6010_firmwaresnapdragon_720g_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwareimmersive_home_214_platform_firmwarewcd9370_firmwaresm8550p_firmwaresd888_firmwareqcn9022_firmwareqcn5021_firmwarewcd9390_firmwareqcn9072_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqfw7124_firmwareqdu1210_firmwarear8035_firmwaresnapdragon_xr1_platform_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9400
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.50%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25676
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:10
Updated-19 Feb, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-1000200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.16%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

Action-Not Available
Vendor-tcmu-runner_projectn/a
Product-tcmu-runnern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-1000360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 59.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

Action-Not Available
Vendor-opendaylightn/a
Product-opendaylightn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9031
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.37%
||
7 Day CHG~0.00%
Published-23 Feb, 2019 | 12:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c.

Action-Not Available
Vendor-matio_projectn/a
Product-mation/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25670
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:32
Updated-19 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-1000050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 81.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

Action-Not Available
Vendor-n/aCanonical Ltd.JasPerRed Hat, Inc.Fedora Project
Product-enterprise_linux_desktopjasperenterprise_linux_workstationfedoraenterprise_linux_serverubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-23948
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.19%
||
7 Day CHG-0.02%
Published-09 Feb, 2026 | 18:12
Updated-10 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.

Action-Not Available
Vendor-FreeRDP
Product-freerdpFreeRDP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25665
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:39
Updated-19 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in SparseSparseMaximum

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.58% / 93.49%
||
7 Day CHG~0.00%
Published-04 Jan, 2017 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24818
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.15%
||
7 Day CHG+0.02%
Published-24 Apr, 2023 | 14:23
Updated-04 Feb, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT-OS vulnerable to null pointer dereference during fragment forwarding

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.

Action-Not Available
Vendor-riot-osRIOT-OS
Product-riotRIOT
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9296
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 83.92%
||
7 Day CHG~0.00%
Published-12 Nov, 2016 | 02:19
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

Action-Not Available
Vendor-7-zipn/a
Product-p7zipn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.00% / 88.19%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 07:07
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

Action-Not Available
Vendor-sqliten/a
Product-sqliten/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.54%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 18:00
Updated-06 Aug, 2024 | 02:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.

Action-Not Available
Vendor-carbonblackn/a
Product-carbon_blackn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25660
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:44
Updated-19 Feb, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-29241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.64%
||
7 Day CHG-0.16%
Published-03 May, 2021 | 13:17
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slgatewaycontrol_for_linux_sledge_gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mujsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-1976
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 22.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 03:02
Updated-09 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Free5GC SMF SessionDeletionResponse null pointer dereference

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcFree5GC
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-2062
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 18:32
Updated-11 Feb, 2026 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.17% / 78.38%
||
7 Day CHG~0.00%
Published-23 Nov, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-1975
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 22.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 02:32
Updated-09 Feb, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Free5GC pfcp_reports.go identityTriggerType null pointer dereference

A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcFree5GC
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.08% / 83.67%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.50%
||
7 Day CHG~0.00%
Published-30 Oct, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 84.24%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24832
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 21:24
Updated-21 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8723
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.07%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25663
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:40
Updated-19 Feb, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in TensorArrayConcatV2

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9113
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.10%
||
7 Day CHG~0.00%
Published-30 Oct, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-9049
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.14%
||
7 Day CHG~0.00%
Published-21 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.

Action-Not Available
Vendor-Aerospike Inc.
Product-database_serverDatabase Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.06%
||
7 Day CHG~0.00%
Published-13 Mar, 2021 | 19:00
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.

Action-Not Available
Vendor-spdkn/a
Product-storage_performance_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.

Action-Not Available
Vendor-fltk_projectn/a
Product-fltkn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 77.13%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 17:23
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-2690_firmwaredap-3662_firmwaredap-2360dap-2690dap-2695_firmwaredap-2330dap-2660dap-2360_firmwaredap-2330_firmwaredap-2310_firmwaredap-3320dap-2695dap-3320_firmwaredap-2310dap-2660_firmwaredap-2553_firmwaredap-2553dap-3662n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27631
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 78.14%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

Action-Not Available
Vendor-n/aGraphicsMagick
Product-graphicsmagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-21680
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 14.01%
||
7 Day CHG+0.01%
Published-07 Jan, 2026 | 17:50
Updated-09 Jan, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iccDEV has Null Pointer Dereference in CIccProfile::CheckTagTypes()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Action-Not Available
Vendor-InternationalColorConsortiumInternational Color Consortium (ICC)
Product-iccdeviccDEV
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8726
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.07%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.39%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 21:47
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:13
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 77.13%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 17:32
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer dereference vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-2690_firmwaredap-3662_firmwaredap-2360dap-2690dap-2695_firmwaredap-2330dap-2660dap-2360_firmwaredap-2330_firmwaredap-2310_firmwaredap-3320dap-2695dap-3320_firmwaredap-2310dap-2660_firmwaredap-2553_firmwaredap-2553dap-3662n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3581
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.88% / 89.36%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusenterprise_manager_ops_centerubuntu_linuxenterprise_linux_desktophttp_serverenterprise_linux_server_tuslinuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27607
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.92% / 75.56%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 14:43
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Action-Not Available
Vendor-varnish-cachen/aFedora Project
Product-varnish-modulesfedoravarnish-modules_klarlackn/a
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-9817
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 07:38
Updated-05 Dec, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in Wireshark

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 18
  • 19
  • Next
Details not found