Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-43167

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-08 Aug, 2024 | 20:24
Updated At-03 Nov, 2025 | 22:04
Rejected At-
Credits

Unbound: null pointer dereference in unbound

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:08 Aug, 2024 | 20:24
Updated At:03 Nov, 2025 | 22:04
Rejected At:
▼CVE Numbering Authority (CNA)
Unbound: null pointer dereference in unbound

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
unbound
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
unbound
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
unbound
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
unbound
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openstack-unbound-container
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openstack-unbound-container
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 18.0
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openstack-unbound-container
CPEs
  • cpe:/a:redhat:openstack:18.0
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-476NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.12.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 2.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Red Hat severity rating
value:
Low
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2024-05-21 00:00:00
Made public.2024-08-07 02:00:00
Event: Reported to Red Hat.
Date: 2024-05-21 00:00:00
Event: Made public.
Date: 2024-08-07 02:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2024-43167
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2303456
issue-tracking
x_refsource_REDHAT
https://github.com/NLnetLabs/unbound/issues/1072
N/A
https://github.com/NLnetLabs/unbound/pull/1073/files
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-43167
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2303456
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://github.com/NLnetLabs/unbound/issues/1072
Resource: N/A
Hyperlink: https://github.com/NLnetLabs/unbound/pull/1073/files
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2024/08/16/6
N/A
https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/08/16/6
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sep@nlnetlabs.nl
Published At:12 Aug, 2024 | 13:38
Updated At:03 Nov, 2025 | 22:18

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 2.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-476Secondarysep@nlnetlabs.nl
CWE ID: CWE-476
Type: Secondary
Source: sep@nlnetlabs.nl
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2024-43167sep@nlnetlabs.nl
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2303456sep@nlnetlabs.nl
N/A
https://github.com/NLnetLabs/unbound/issues/1072sep@nlnetlabs.nl
N/A
https://github.com/NLnetLabs/unbound/pull/1073/filessep@nlnetlabs.nl
N/A
http://www.openwall.com/lists/oss-security/2024/08/16/6af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2024/09/msg00046.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-43167
Source: sep@nlnetlabs.nl
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2303456
Source: sep@nlnetlabs.nl
Resource: N/A
Hyperlink: https://github.com/NLnetLabs/unbound/issues/1072
Source: sep@nlnetlabs.nl
Resource: N/A
Hyperlink: https://github.com/NLnetLabs/unbound/pull/1073/files
Source: sep@nlnetlabs.nl
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/08/16/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2023-6356
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_build_iovec

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_ausdebian_linuxcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tuslinux_kernelenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6683
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.98%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 19:01
Updated-08 Nov, 2025 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: vnc: null pointer dereference in qemu_clipboard_request()

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Action-Not Available
Vendor-QEMURed Hat, Inc.
Product-qemuenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10711
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-5.44% / 89.96%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 14:09
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-3scaleubuntu_linuxdebian_linuxlinux_kernelopenstackvirtualization_hostenterprise_linuxenterprise_linux_ausenterprise_linux_server_tusmessaging_realtime_gridleapKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32910
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 59.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 14:43
Updated-06 Nov, 2025 | 23:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-10914
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-5.77% / 90.27%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3338
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-11.23% / 93.34%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 00:00
Updated-05 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash due to a null pointer dereference in the dn_nsp_send function

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kerneldebian_linuxactive_iq_unified_managerRed Hat Enterprise Linux 8FedoraRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32252
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.01%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31420
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.13%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 14:01
Updated-20 Nov, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Virtualization 4
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14874
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.15%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:07
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-16871
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.94%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 16:19
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

Action-Not Available
Vendor-NetApp, Inc.Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serverh300eenterprise_linux_server_eush500scloud_backupenterprise_linux_server_ausenterprise_linuxh410c_firmwareh300s_firmwareh410sh300sh300e_firmwaredeveloper_toolslinux_kernelh500emrg_realtimeenterprise_linux_workstationh410s_firmwareh500s_firmwareh500e_firmwareh700s_firmwareenterprise_linux_eush700eh410centerprise_linux_server_tush700e_firmwareh700senterprise_linux_desktopkernel:
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-8235
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 16:16
Updated-08 Nov, 2025 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libvirt: crash of virtinterfaced via virconnectlistinterfaces()

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxlibvirtRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3603
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-0.12% / 30.98%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 19:09
Updated-26 Sep, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Processing sftp server read may cause null dereference

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

Action-Not Available
Vendor-libsshn/aRed Hat, Inc.Fedora Project
Product-libsshlibsshRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Extra Packages for Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1698
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-2.4||LOW
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 16:14
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-Edge+ 2023Razr 2023Razr 40Edge 40 ProRazr 40 Ultra
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • Next
Details not found