Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-26025

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Feb, 2026 | 00:15
Updated At-26 Feb, 2026 | 14:31
Rejected At-
Credits

free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Feb, 2026 | 00:15
Updated At:26 Feb, 2026 | 14:31
Rejected At:
▼CVE Numbering Authority (CNA)
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).

Affected Products
Vendor
free5gc
Product
smf
Versions
Affected
  • <= 1.4.1
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.06.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Version: 4.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/free5gc/free5gc/security/advisories/GHSA-vw8r-p7h3-g3xh
x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/807
x_refsource_MISC
Hyperlink: https://github.com/free5gc/free5gc/security/advisories/GHSA-vw8r-p7h3-g3xh
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/free5gc/free5gc/issues/807
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Feb, 2026 | 01:16
Updated At:25 Feb, 2026 | 16:28

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
free5gc
free5gc
>>smf>>Versions up to 1.4.1(inclusive)
cpe:2.3:a:free5gc:smf:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity-advisories@github.com
CWE ID: CWE-476
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/free5gc/free5gc/issues/807security-advisories@github.com
Exploit
Issue Tracking
https://github.com/free5gc/free5gc/security/advisories/GHSA-vw8r-p7h3-g3xhsecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/free5gc/free5gc/issues/807
Source: security-advisories@github.com
Resource:
Exploit
Issue Tracking
Hyperlink: https://github.com/free5gc/free5gc/security/advisories/GHSA-vw8r-p7h3-g3xh
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

769Records found
CVE-2023-33973
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.40%
||
7 Day CHG+0.05%
Published-30 May, 2023 | 16:18
Updated-10 Jan, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT-OS vulnerable to NULL pointer dereference during NHC encoding

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.

Action-Not Available
Vendor-riot-osRIOT-OS
Product-riotRIOT
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-34164
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:35
Updated-19 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-34400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.25%
||
7 Day CHG+0.07%
Published-13 Feb, 2025 | 00:00
Updated-27 Jun, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.

Action-Not Available
Vendor-mercedes-benzn/a
Product-headunit_ntg6_mercedes-benz_user_experiencen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.25%
||
7 Day CHG~0.00%
Published-18 Aug, 2018 | 00:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

Action-Not Available
Vendor-embedthisn/aJuniper Networks, Inc.
Product-ex4400mx240ex2200-vcex4300-48tafiex3300mx2010mx5ex2300-48mpex2300mex6210mx104junosex9251qfx10000ptx1000ex4300-48tex8200-vcsrx380srx4200mx10008ptx10003_160cex9200ex4300-48mp-sex2300-24mpex4300-24pex4300ex9250ex2300ex9253srx1400mx10000mx204ex4600mx480ex4300-48tdc-afiptx10003_80cptx3000srx5600ex2300-csrx650ex4500-vcptx100016ex4300-32f-ssrx345ptx5000srx5800ex4200-vcsrx110srx4000srx550_hmsrx240h2t1600goaheadptx1000-72qex9204srx5400ex8208t4000mx80ex8200srx210ex4500ex4600-vcex3200ex8216mx150ptx10001-36mrmx10ex4300-48t-dc-afisrx3600ex4300-48mpmx2020ptx10001mx10016mxex4300-48pex4300-48t-afiptx10002ex4300-48p-smx40ptx10004srx4600srx550mmx2008ptx10002-60cex4300-24tappwebex6200ptx10016ex3400srx550ex2200ex4300-48t-sex4300msrx240mex4550-vcex4550\/vcex4300-24t-sex3300-vcex4300-32fex4300-vcex2300-24tptx10008mx10003srx5000ex2200-cex2300-24pex4300-mpptx10003_81cdmx960ex4300-48t-dcex2300-48psrx220t320ex4650t640ptx10003srx100srx3400srx300ex4550srx1500ex4300-48tdcex4200srx340ptx10000srx4100srx240ex2300-48tex9208ex4300-32f-dcex9214srx320ex4300-24p-sn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-34398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.41%
||
7 Day CHG+0.05%
Published-13 Feb, 2025 | 00:00
Updated-27 Jun, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.

Action-Not Available
Vendor-mercedes-benzn/a
Product-headunit_ntg6_mercedes-benz_user_experiencen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-57613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.13%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 00:00
Updated-10 Sep, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns NULL, which is then stored and later dereferenced by the Io struct's Drop implementation.

Action-Not Available
Vendor-meh.schizofrenin/a
Product-rust-ffmpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-57615
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.13%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 00:00
Updated-10 Sep, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int, which can result in a negative value being passed to the underlying C function sws_allocVec().

Action-Not Available
Vendor-meh.schizofrenin/a
Product-rust-ffmpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-58120
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_next_for_kubernetesbig-ip_next_service_proxy_for_kubernetesbig-ip_next_cloud-native_network_functionsBIG-IP Next CNFBIG-IP Next SPKBIG-IP Next for Kubernetes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-58144
Matching Score-4
Assigner-Xen Project
ShareView Details
Matching Score-4
Assigner-Xen Project
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-11 Sep, 2025 | 14:05
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arm issues with page refcounting

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145.

Action-Not Available
Vendor-Xen Project
Product-xenXen
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33109
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd865_5gqca6595snapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareipq8078a_firmwareqam8295pwcd9341wsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcn9000snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresnapdragon_768g_5g_mobile_platformqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa6155p_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420snapdragon_7c_gen_2_compute_platform_firmwarewcn3910csrb31024snapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_660_mobile_platformqca6574aqca9898_firmwarewcd9340qcs8250_firmwareqcm2290qcn6122_firmwareqcn5154_firmwareipq8074sm8550p_firmwareqcm8550wcn3988qcn5122_firmwareqcn9024pmp8074snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformqca2066_firmwareqca8082qcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwareqcc2073qrb5165m_firmwaresnapdragon_678_mobile_platform_firmwareqca9985ipq8071aqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwareimmersive_home_326_platform_firmwareqca6438_firmwaresnapdragon_750g_5g_mobile_platformqcn9072qcn6224_firmwareipq4028_firmwareqca6431sd660_firmwareqca8082_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqca9992_firmwareqca6428qca9990ipq8070ipq9008_firmwareqcn9074wsa8815_firmwareqca8337_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresnapdragon_845_mobile_platform_firmwaresd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformipq8069ipq8065qca6310_firmwarefastconnect_6800qcs7230snapdragon_685_4g_mobile_platform_firmwarewcd9371qcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_865\+_5g_mobile_platformqca2065_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqca8084_firmwareqcn7605_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqca6430snapdragon_auto_5g_modem-rfssg2125pcsra6640_firmwareimmersive_home_326_platformqcn9013_firmwareqam8650p_firmwarevideo_collaboration_vc5_platformqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qam8775pqcm4325_firmwareipq8069_firmwareqcm4290_firmwareqca9888_firmwareqca9889qca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwareqcs8550ipq8068_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066csr8811qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120ipq9574qcn9000_firmwareqcn6102_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640qcn9100_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwareqca9886_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformqcn6132_firmwaresxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqcm6125csr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresdx65mwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareimmersive_home_3210_platformqcn9274ipq8076a_firmwareipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformipq4029_firmwareqcn9011qcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresd670sa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarewcn3990qca6428_firmwareqcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250ipq9554_firmwaresnapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwareqca6678aqsnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareqca9898ipq9008ipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformqcn9013ar8031qcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwareflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwareqcs6125snapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwareqca8085_firmwareqca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380ipq4028qam8255psa6145p_firmwaresa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qam8295p_firmwaresd855wcn3990_firmwaresm7315wcd9385qca9994qsm8350sd662qcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareipq4018snapdragon_865\+_5g_mobile_platform_firmwaresm6250psdx55_firmwareipq8071a_firmwareqca6438qca6554a_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformipq4029sm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwareipq4018_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124ipq8074_firmwareqca6595au_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwarevision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391ipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33089
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresa6150p_firmwaresd865_5gipq9574qcn9000_firmwareqcn6102_firmwareqca6595qcn9022ipq6028_firmwareimmersive_home_214_platformqca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwarewcd9341_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcn9003_firmwarear9380snapdragon_sc8180xp-aa_firmwareqcc710_firmwareqcc2073_firmwareqca6426ipq8076wcn6740_firmwarefastconnect_6700qca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023sa4150pqcn5124_firmwarewsa8832_firmwareimmersive_home_216_platformqca8337qca9994_firmwareqca6426_firmwarewcd9395ipq6000snapdragon_auto_4g_modemqca6574au_firmwareipq8078aipq8078a_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwareqcn9100_firmwareqca2064_firmwareqcn5122qca6554afastconnect_6800_firmwareqcs5430qcn6024_firmwareqca9886_firmwareqcm5430qcm5430_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcn9000ssg2115pqcc710qcn6132_firmwareqca2062_firmwareqsm8250_firmwareqsm8350_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114wcd9385_firmwareqca6421315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareipq8074a_firmwareipq8076awcd9360qcn5164snapdragon_888_5g_mobile_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwareimmersive_home_3210_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155psnapdragon_sc8180x-aaqcn6100_firmwareqca6421_firmwareqca6564au_firmwarecsr8811_firmwaresnapdragon_sc8180xp-aaqca8075wsa8810qcn5021qam8650psa9000pqca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqca9986_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_sc8180x-adsnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformqcf8001snapdragon_7c\+_gen_3_compute_firmwareqca8084qca6420sdx65mwcd9370_firmwarecsrb31024snapdragon_x55_5g_modem-rf_system_firmwareqcc2076qca6574aipq9570sa8195pwcd9340snapdragon_auto_5g_modem-rf_gen_2qcm6490immersive_home_316_platform_firmwareqcn6122_firmwareqcn5154_firmwaresm8550p_firmwareimmersive_home_3210_platformqcm8550qcn5122_firmwareqcn9274qcn9024pmp8074ipq8076a_firmwaresa8775pqca6574snapdragon_x75_5g_modem-rf_systemipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca2066_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sa8775p_firmwareqcn9024_firmwarewsa8845hqca8082sa6150psa8155p_firmwaresa8155pqca8072_firmwarewsa8830snapdragon_sc8180x-acsm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn9074_firmwareipq8174sc8180x\+sdx55_firmwareqcn6122sa8255p_firmwareflight_rb5_5g_platform_firmwareqcc2073ipq8174_firmwarear8035ipq8072asa6155qrb5165m_firmwareqca2065qca9985robotics_rb5_platformqcn6224ipq8071aqcn6112sc8180x\+sdx55wcn3950_firmwareqca6698aqssg2125p_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200sm7325p_firmwaresa8145p_firmwarewcd9360_firmwaresnapdragon_sc8280xp-ab_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareqcn9002ipq8078immersive_home_326_platform_firmwareqcs6490ipq9554_firmwarefastconnect_6200_firmwaresnapdragon_sc8180xp-acqcn9072wsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwaresnapdragon_auto_4g_modem_firmwareqcc2076_firmwaresxr2130_firmwareqca6678aqar8035_firmwareqcn5022_firmwareqca9992qrb5165msnapdragon_888_5g_mobile_platformsc8380xpqca1064sa4150p_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwareipq9008ipq9554qca6564auqca9992_firmwareqca9990ipq8070ipq9008_firmwareqcn9074immersive_home_214_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcn5054_firmwareqca9888ipq5332qcn9013sg8275p_firmwareipq8173qcm6490_firmwareipq8072a_firmwareipq6010_firmwareqcm4490_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformqca8085_firmwaresa8295p_firmwareqca9984ipq5010_firmwareqcn9022_firmwareqca9886qcn6132csrb31024_firmwareipq6018sa8155qcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584ausd888qcn6274_firmwareqcn9011_firmwarewcn6740sc8380xp_firmwareipq8065fastconnect_6800qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn9001_firmwareimmersive_home_216_platform_firmwaresnapdragon_782g_mobile_platform_firmwareipq8070afastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_sc8280xp-absa8150pqcn9003qca8075_firmwaresnapdragon_778g_5g_mobile_platformqcf8000qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psnapdragon_865\+_5g_mobile_platformqca2065_firmwaresnapdragon_sc8180x-ad_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformipq6010aqt1000snapdragon_sc8180xp-ad_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqam8295p_firmwareqca6431_firmwaresm7315qca6698aq_firmwarewcd9385qca9994qsm8350qca8084_firmwaresa8255psxr1230p_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqcn5024snapdragon_865\+_5g_mobile_platform_firmwareqca6430sg8275psdx55_firmwareipq8071a_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresnapdragon_sc8180x-ac_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformimmersive_home_326_platformsm7325pqam8650p_firmwareqcn9013_firmwareqca2062qca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwarewcn3980_firmwareqca6584au_firmwareqrb5165n_firmwareqca6436snapdragon_sc8180x-aa_firmwareqcn5152_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqcn6274qfw7124qca6595au_firmwareqca0000snapdragon_sc8180xp-ac_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformipq8068qca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqcn5124qam8775pipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_318_platformqca9889qca1062qcn5024_firmwareqcn9002_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386ipq5010qca6391qcn9274_firmwaresnapdragon_sc8180xp-adsnapdragon_778g_5g_mobile_platform_firmwareqcs5430_firmwareipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwareqcs8550ipq8068_firmwareipq6000_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375ipq8078_firmwareqca9889_firmwareipq8070_firmwaresa8145pqcn5154immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066wsa8835_firmwaressg2115p_firmwarecsr8811qcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer dereference in WLAN Firmware

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwarewsa8830qcn9070sxr2230p_firmwareqca8337qam8650pqfw7124ipq8173_firmwarewcn785x-5qam8775pqcf8001qcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386wsa8840immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000ssg2115pqcn5152_firmwareqca0000_firmwareqca6584au_firmwarewcn685x-1qcn9000_firmwaresnapdragon_8_gen_2_mobile_platformipq9554qca6554a_firmwarewcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqca8082_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114wsa8845h_firmwareipq5010qca6564au_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwareqcn9274ipq8174ipq5028wsa8840_firmwareqca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcs8550_firmwaresc8380xp_firmwareqcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013wsa8845hsnapdragon_ar2_gen_1_platform_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9395_firmwareqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqam8775p_firmwareqca9888_firmwareqcn6122wcd9385qca6696_firmwareipq9008_firmwareipq9570qcn5154_firmwareqca6797aqar8035csr8811wcd9390qcc710_firmwareqcn9100_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewsa8835_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qca8337_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173qcm8550ipq9008qcn9012qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574sxr1230p_firmwarewsa8835snapdragon_8\+_gen_2_mobile_platform_firmwarecsr8811_firmwareqcn6274wcd9380ipq9554_firmwareqcn5154qca8075_firmwaressg2125p_firmwareqca6574aqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwaresxr1230pqca9888qcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwarewsa8845qcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwareqcn6112sxr2230pipq8076wsa8845_firmwareqca6574a_firmwareqcn5152ipq6028sc8380xpqcn9024ipq9574_firmwarewcn785x-5_firmwareimmersive_home_3210_platform_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwareqca6797aq_firmwarewcn785x-1_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8832ipq5332_firmwareipq5332sm8550pimmersive_home_326_platformsnapdragon_ar2_gen_1_platformipq6018qcn5022qcn9013_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwarewcd9395qca6696qcs8550immersive_home_214_platform_firmwareqca4024sm8550p_firmwaresdx55qca8075qcn9022_firmwarewcd9390_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073ar8035_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32248
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree connection null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32084
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.88% / 89.37%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP.sys Denial of Service Vulnerability

HTTP.sys Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_11_22h2windows_11_21h2windows_server_2022windows_server_2019Windows Server 2022Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7062
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-1.16% / 78.26%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:25
Updated-16 Sep, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in PHP Session Upload Progress

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Action-Not Available
Vendor-Canonical Ltd.openSUSEThe PHP GroupDebian GNU/Linux
Product-ubuntu_linuxphpdebian_linuxleapPHP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32252
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.01%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-55780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.29%
||
7 Day CHG~0.00%
Published-23 Sep, 2025 | 00:00
Updated-08 Oct, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-6095
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.81%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 19:20
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-gstreamer_projectn/aopenSUSE
Product-gst-rtsp-serverbackports_sleleapGStreamer
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-15505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.08%
||
7 Day CHG~0.00%
Published-18 Aug, 2018 | 00:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

Action-Not Available
Vendor-embedthisn/aJuniper Networks, Inc.
Product-appwebjunosgoaheadn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2953
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.66%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-10 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.Apple Inc.NetApp, Inc.
Product-h300smacosh500s_firmwareh410s_firmwareh700s_firmwareh410sh700sh410c_firmwareontap_toolsactive_iq_unified_managerenterprise_linuxh500sh410ch300s_firmwareclustered_data_ontapopenldapopenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54989
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 15:04
Updated-03 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

Action-Not Available
Vendor-firebirdsqlFirebirdSQL
Product-firebirdfirebird
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-35618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-24 May, 2024 | 14:50
Updated-10 Jun, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.

Action-Not Available
Vendor-pingcapn/apingcap
Product-tidbn/atidb
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10488
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.78%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresda660sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625qca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29180
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.3||HIGH
EPSS-0.47% / 63.98%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 09:40
Updated-10 Dec, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxyfortiosfortiproxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28625
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.11%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 13:19
Updated-10 Apr, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

Action-Not Available
Vendor-openidcOpenIDC
Product-mod_auth_openidcmod_auth_openidc
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27786
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.17%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53817
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.02%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 18:12
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

Action-Not Available
Vendor-7-zipipavlov
Product-7-zip7-Zip
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2617
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 05:31
Updated-27 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

Action-Not Available
Vendor-opencvOpenCV
Product-opencvwechat_qrcode Module
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-26917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.26%
||
7 Day CHG~0.00%
Published-03 Dec, 2025 | 00:00
Updated-05 Dec, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_1280exynos_2200_firmwareexynos_1280_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_1280_firmwareexynos_1380exynos_1580_firmwareexynos_2400_firmwareexynos_2400exynos_2500_firmwareexynos_1280exynos_1480_firmwareexynos_1580exynos_2500n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25676
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:10
Updated-19 Feb, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.14%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 03:36
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectRedis Inc.
Product-debian_linuxfedorahiredisn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2003-1000
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.88%
||
7 Day CHG~0.00%
Published-17 Dec, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

Action-Not Available
Vendor-xchatn/a
Product-xchatn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25665
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:39
Updated-19 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in SparseSparseMaximum

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25663
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:40
Updated-19 Feb, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in TensorArrayConcatV2

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53011
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2||LOW
EPSS-0.08% / 24.51%
||
7 Day CHG+0.01%
Published-01 Aug, 2025 | 17:58
Updated-20 Aug, 2025 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.

Action-Not Available
Vendor-AcademySoftwareFoundationThe Linux Foundation
Product-materialxMaterialX
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53181
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.49%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:22
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25670
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:32
Updated-19 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25674
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:13
Updated-19 Feb, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in RandomShuffle with XLA enable

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24825
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.59%
||
7 Day CHG+0.08%
Published-30 May, 2023 | 15:54
Updated-10 Jan, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.

Action-Not Available
Vendor-riot-osRIOT-OS
Product-riotRIOT
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53184
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.49%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:35
Updated-09 Jul, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24859
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-5.43% / 89.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24940
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.83% / 87.91%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53477
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.12%
||
7 Day CHG~0.00%
Published-10 Jan, 2026 | 09:45
Updated-14 Jan, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-nimbleApache Mynewt NimBLE
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53180
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.49%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:20
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-21285
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-38.76% / 97.17%
||
7 Day CHG+11.83%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24832
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 21:24
Updated-21 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 15
  • 16
  • Next
Details not found