Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-6395

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-10 Jul, 2025 | 15:20
Updated At-22 Jan, 2026 | 00:06
Rejected At-
Credits

Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:10 Jul, 2025 | 15:20
Updated At:22 Jan, 2026 | 00:06
Rejected At:
â–¼CVE Numbering Authority (CNA)
Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Affected Products
Collection URL
https://www.gnutls.org/
Package Name
libgnutls
Default Status
unaffected
Versions
Affected
  • From 0 before 3.8.10 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:10.0
Default Status
affected
Versions
Unaffected
  • From 0:3.8.9-9.el10_0.14 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.6.16-8.el8_10.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:3.6.16-8.el8_10.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:9::baseos
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:3.8.3-6.el9_6.2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:9::baseos
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:3.8.3-6.el9_6.2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:rhel_e4s:9.2::baseos
  • cpe:/a:redhat:rhel_e4s:9.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:3.7.6-21.el9_2.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.4 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:rhel_eus:9.4::baseos
  • cpe:/a:redhat:rhel_eus:9.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:3.8.3-4.el9_4.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ceph Storage 7
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhceph/rhceph-7-rhel9
CPEs
  • cpe:/a:redhat:ceph_storage:7::el9
Default Status
affected
Versions
Unaffected
  • From sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
discovery/discovery-ui-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Insights proxy 1.5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
insights-proxy/insights-proxy-container-rhel9
CPEs
  • cpe:/a:redhat:insights_proxy:1.5::el9
Default Status
affected
Versions
Unaffected
  • From sha256:8eb6b896e1eac4080a564e146f95c4166e47ca137083b37119027c6a77011207 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gnutls
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-476NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2025-07-07 09:30:13
Made public.2025-07-10 07:56:53
Event: Reported to Red Hat.
Date: 2025-07-07 09:30:13
Event: Made public.
Date: 2025-07-10 07:56:53
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2025:16115
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:16116
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17181
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17348
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17361
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:17415
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19088
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22529
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2376755
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:16115
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:16116
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17181
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17348
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17361
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17415
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:19088
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:22529
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-6395
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2376755
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
N/A
http://www.openwall.com/lists/oss-security/2025/07/11/3
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/07/11/3
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:10 Jul, 2025 | 16:15
Updated At:01 Dec, 2025 | 22:15

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-476Secondarysecalert@redhat.com
CWE ID: CWE-476
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2025:16115secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:16116secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:17181secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:17348secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:17361secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:17415secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:19088secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:22529secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2025-6395secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2376755secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2025/07/11/3af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:16115
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:16116
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17181
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17348
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17361
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:17415
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:19088
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:22529
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-6395
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2376755
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/07/11/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2023-6683
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.98%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 19:01
Updated-08 Nov, 2025 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: vnc: null pointer dereference in qemu_clipboard_request()

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Action-Not Available
Vendor-QEMURed Hat, Inc.
Product-qemuenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10711
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-5.44% / 89.96%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 14:09
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-3scaleubuntu_linuxdebian_linuxlinux_kernelopenstackvirtualization_hostenterprise_linuxenterprise_linux_ausenterprise_linux_server_tusmessaging_realtime_gridleapKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32910
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 59.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 14:43
Updated-06 Nov, 2025 | 23:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-10914
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-5.77% / 90.27%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3338
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-11.23% / 93.34%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 00:00
Updated-05 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash due to a null pointer dereference in the dn_nsp_send function

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kerneldebian_linuxactive_iq_unified_managerRed Hat Enterprise Linux 8FedoraRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32252
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.01%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31420
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.13%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 14:01
Updated-20 Nov, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Virtualization 4
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14874
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.15%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:07
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-16871
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.94%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 16:19
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

Action-Not Available
Vendor-NetApp, Inc.Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serverh300eenterprise_linux_server_eush500scloud_backupenterprise_linux_server_ausenterprise_linuxh410c_firmwareh300s_firmwareh410sh300sh300e_firmwaredeveloper_toolslinux_kernelh500emrg_realtimeenterprise_linux_workstationh410s_firmwareh500s_firmwareh500e_firmwareh700s_firmwareenterprise_linux_eush700eh410centerprise_linux_server_tush700e_firmwareh700senterprise_linux_desktopkernel:
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-8235
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 16:16
Updated-08 Nov, 2025 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libvirt: crash of virtinterfaced via virconnectlistinterfaces()

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxlibvirtRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3603
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-0.12% / 30.98%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 19:09
Updated-26 Sep, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Processing sftp server read may cause null dereference

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

Action-Not Available
Vendor-libsshn/aRed Hat, Inc.Fedora Project
Product-libsshlibsshRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Extra Packages for Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-3319
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 62.34%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 20:50
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses

DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-588
Attempt to Access Child of a Non-structure Pointer
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • Next
Details not found