Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57873

Summary
Assigner-GV
Assigner Org ID-0df08a0e-a200-4957-9bb0-084f562506f9
Published At-26 Jun, 2026 | 07:17
Updated At-26 Jun, 2026 | 15:29
Rejected At-
Credits

GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GV
Assigner Org ID:0df08a0e-a200-4957-9bb0-084f562506f9
Published At:26 Jun, 2026 | 07:17
Updated At:26 Jun, 2026 | 15:29
Rejected At:
▼CVE Numbering Authority (CNA)
GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

Affected Products
Vendor
GeoVision Inc.
Product
GV-LPCLPC2011/2211
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • 1.12
Unaffected
  • 1.13
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL pointer dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL pointer dereference
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153 Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153 Input Data Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Jincheng Wang (@winmt), Professor Le Yu of Nanjing University of Posts and Telecommunications, and Professor Xiapu Luo of The Hong Kong Polytechnic University has reported:
Timeline
EventDate
Finder reports vulnerability to vendor2026-06-17 07:08:00
Event: Finder reports vulnerability to vendor
Date: 2026-06-17 07:08:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.geovision.com.tw/cyber_security.php
N/A
Hyperlink: https://www.geovision.com.tw/cyber_security.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:0df08a0e-a200-4957-9bb0-084f562506f9
Published At:26 Jun, 2026 | 08:16
Updated At:26 Jun, 2026 | 16:16

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-476Secondary0df08a0e-a200-4957-9bb0-084f562506f9
CWE ID: CWE-476
Type: Secondary
Source: 0df08a0e-a200-4957-9bb0-084f562506f9
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.geovision.com.tw/cyber_security.php0df08a0e-a200-4957-9bb0-084f562506f9
N/A
Hyperlink: https://www.geovision.com.tw/cyber_security.php
Source: 0df08a0e-a200-4957-9bb0-084f562506f9
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

844Records found

CVE-2023-51394
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 19:13
Updated-12 Feb, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash

High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.

Action-Not Available
Vendor-silabssilabs.comsilabs
Product-emberznetEmber ZNet SDKemberznet_sdk
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-52302
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.54% / 41.52%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 08:12
Updated-14 Nov, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in paddle.nextafter

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-55204
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 16:05
Updated-26 Jun, 2026 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Action-Not Available
Vendor-haproxyhaproxy
Product-haproxyhaproxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-49936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.91%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 00:00
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Action-Not Available
Vendor-schedmdn/a
Product-slurmn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-16754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.62%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 17:50
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.

Action-Not Available
Vendor-riot-osn/a
Product-riotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-48416
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.18%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-22998
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.71% / 49.03%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:36
Updated-16 Jun, 2026 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset validation in nvmet_tcp_handle_h2c_data_pdu(), but it did not validate whether the command's data structures (cmd->req.sg and cmd->iov) have been properly initialized before processing H2C_DATA PDUs. The nvmet_tcp_build_pdu_iovec() function dereferences these pointers without NULL checks. This can be triggered by sending H2C_DATA PDU immediately after the ICREQ/ICRESP handshake, before sending a CONNECT command or NVMe write command. Attack vectors that trigger NULL pointer dereferences: 1. H2C_DATA PDU sent before CONNECT → both pointers NULL 2. H2C_DATA PDU for READ command → cmd->req.sg allocated, cmd->iov NULL 3. H2C_DATA PDU for uninitialized command slot → both pointers NULL The fix validates both cmd->req.sg and cmd->iov before calling nvmet_tcp_build_pdu_iovec(). Both checks are required because: - Uninitialized commands: both NULL - READ commands: cmd->req.sg allocated, cmd->iov NULL - WRITE commands: both allocated

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-49083
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 58.05%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 18:50
Updated-18 Dec, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Action-Not Available
Vendor-cryptography.iopyca
Product-cryptographycryptography
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-14180
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-8.2||HIGH
EPSS-0.57% / 43.13%
||
7 Day CHG~0.00%
Published-27 Dec, 2025 | 19:21
Updated-09 Jan, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in PDO quoting

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Action-Not Available
Vendor-The PHP Group
Product-phpPHP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4450
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-16.38% / 96.58%
||
7 Day CHG~0.00%
Published-07 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxF5, Inc.
Product-nginxdebian_linuxubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-14769
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.59%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 11:34
Updated-17 Mar, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipfw denial of service

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15680
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-2.78% / 84.61%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 16:45
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

Action-Not Available
Vendor-tightvncKaspersky Lab
Product-tightvncTightVNC
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-43966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.26% / 17.63%
||
7 Day CHG~0.00%
Published-20 Apr, 2025 | 00:00
Updated-08 May, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Action-Not Available
Vendor-strukturstruktur
Product-libheiflibheif
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-41909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.29%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0312
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.55%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:10
Updated-28 Mar, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in ollama/ollama

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.

Action-Not Available
Vendor-ollamaollama
Product-ollamaollama/ollama
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.77% / 88.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 01:15
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-9545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.25%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 01:00
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pale Moon 28.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site.

Action-Not Available
Vendor-palemoonn/a
Product-pale_moonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-45667
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.14% / 62.64%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 23:26
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference because of an uninitialized variable in stb_image

stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

Action-Not Available
Vendor-nothingsnothingsnothings
Product-stb_image.hstbstb_image
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-46239
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.77% / 50.94%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 15:02
Updated-05 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.

Action-Not Available
Vendor-quic-go_projectquic-go
Product-quic-goquic-go
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-45931
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.66%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 00:00
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

Action-Not Available
Vendor-mesa3dn/amesa3d
Product-mesan/amesa
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-46728
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-5.96% / 92.39%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 17:13
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQUID-2021:8 Denial of Service in Gopher gateway

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-46345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.28%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.

Action-Not Available
Vendor-fossiesn/a
Product-catdocn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-50609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 59.73%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 00:00
Updated-22 Apr, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.

Action-Not Available
Vendor-treasuredatan/a
Product-fluent_bitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-36603
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.32%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-48829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.38%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 02:22
Updated-05 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

Action-Not Available
Vendor-GNU
Product-GNU SASL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-43522
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.30%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_3_mobile_platform_firmwaresd865_5gqca6595ipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700qcn6422_firmwaresnapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareipq8078a_firmwareqam8295pwcd9341ipq5312wsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformsa9000p_firmwareqca2064_firmwarefastconnect_6800_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcn9000snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformqcn6432qep8111wcd9385_firmwareqca6421ipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresnapdragon_768g_5g_mobile_platformqca8075qam8650psa9000psa6155p_firmwaresnapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420snapdragon_7c_gen_2_compute_platform_firmwarewcn3910csrb31024snapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_660_mobile_platformqca6574aqca6174awcd9340qcm2290snapdragon_auto_5g_modem-rf_gen_2qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988qcn5122_firmwareqcn9024pmp8074snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformqca2066_firmwareqamsrv1hqcn6412_firmwareqca8082qcm2290_firmwaresa8155pqca8072_firmwarewsa8830ipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwareqcc2073qrb5165m_firmwaresa8650p_firmwaresnapdragon_678_mobile_platform_firmwareqca9985ipq8071aqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200sm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareimmersive_home_326_platform_firmwaresnapdragon_750g_5g_mobile_platformqcn9072qcn6224_firmwareqca6431sd660_firmwareqca8082_firmwaresxr2130_firmwaresrv1mar8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformsc8380xpqca1064snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwareqca9992_firmwareqca9990qcn9074wsa8815_firmwareqca8337_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwareipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsa8295p_firmwaresnapdragon_720g_mobile_platformqca9984ipq5010_firmwareqcn9022_firmwaresm7250pcsrb31024_firmwareipq6018sa8155sd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformsc8380xp_firmwareipq8065fastconnect_6800snapdragon_685_4g_mobile_platform_firmwareipq5302_firmwareqcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwareqca8075_firmwareqcf8000snapdragon_865\+_5g_mobile_platformqca2065_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqcn6402_firmwareqca6698aq_firmwareqcs2290qcs2290_firmwareqca8084_firmwaresnapdragon_678_mobile_platformsa8255psnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqep8111_firmwareqca6430snapdragon_auto_5g_modem-rfssg2125pcsra6640_firmwareqamsrv1mimmersive_home_326_platformqam8650p_firmwareqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qam8775pqcm4325_firmwareqcn6412qcm4290_firmwareqca9888_firmwareqca9889qca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformcsra6620_firmwareqcs8550ipq8068_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwaresa8145pimmersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066csr8811qcm8550_firmwaresa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwareqcn9022wcd9335wcd9370qca8072qca6696wcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformsnapdragon_x35_5g_modem-rf_system_firmwareqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640srv1hqcn9100_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwareqca9886_firmwaresnapdragon_695_5g_mobile_platformssg2115pqcc710qcn6132_firmwareqcn5054fastconnect_6900qcn6402ipq5332_firmwareqcn5052qca9980qfw7114snapdragon_x55_5g_modem-rf_systemipq9574_firmwareqam8255p_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwarecsr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840srv1m_firmwareqcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012qcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platformwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195pqcm6490ipq5302immersive_home_316_platform_firmwareimmersive_home_3210_platformqcn9274ipq8076a_firmwaresa8775pipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sa8775p_firmwareqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwarear8035ipq8072aqamsrv1m_firmwaresa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarewcn3990qcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490ipq9554_firmwarefastconnect_6200_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwareqca6678aqqcn6432_firmwaresnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformsg8275p_firmwareqcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwareqca8085_firmwareqca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn6422immersive_home_216_platform_firmwareipq8070awcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qca6688aqqam8295p_firmwaresd855wcn3990_firmwaresm7315wcd9385qca9994qsm8350sd662qcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresg8275psm6250psdx55_firmwareipq8071a_firmwareqca6554a_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391ipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwareqca6688aq_firmwarewcn3988_firmwareqamsrv1h_firmwareqcn5154wsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareSnapdragonqam8255p_firmwaresa6150p_firmwaresm6250p_firmwaresg8275p_firmwareipq8173_firmwareqca6431_firmwarewcd9360_firmwareqca4024_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwareqca6554a_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwaresnapdragon_660_mobile_platform_firmwaresd460_firmwaresm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5164_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8078a_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwarewsa8840_firmwareqcf8001_firmwaresa8155_firmwaresd662_firmwaresc8380xp_firmwareqca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca9888_firmwareqam8775p_firmwareipq8068_firmwareqca2066_firmwareqca6696_firmwareqcn5154_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwareqcc710_firmwarewsa8830_firmwareqca9992_firmwaresd855_firmwaresd865_5g_firmwaresd660_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwaresa8295p_firmwareimmersive_home_216_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_675_mobile_platform_firmwareqca9985_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqca9980_firmwareipq8076a_firmwareqcn9001_firmwareqcn6402_firmwarecsr8811_firmwareipq9554_firmwareqcn5054_firmwareqca8072_firmwareqca6430_firmwareqcn5052_firmwareqcn9012_firmwareqcn9274_firmwareqfw7114_firmwarewcd9335_firmwareqcc2073_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarepmp8074_firmwareqca9986_firmwareqca6426_firmwareipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwareqca2062_firmwarewcn6740_firmwareqcs4490_firmwareipq8078_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca6797aq_firmwareqcn9024_firmwareipq8174_firmwareqcm4290_firmwareqcn6412_firmwaresw5100p_firmwareipq5302_firmwareqamsrv1m_firmwareqca9886_firmwareqca6595_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwaresd888_firmwareqcn5021_firmwaressg2115p_firmwareqfw7124_firmwaresnapdragon_720g_mobile_platform_firmwarear8035_firmwareqsm8250_firmwareqcn5024_firmwaresnapdragon_662_mobile_platform_firmwaresa8145p_firmwaresxr2230p_firmwareqca1062_firmwareqcs2290_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwaresnapdragon_888_5g_mobile_platform_firmwareqca6420_firmwareqca2064_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwareqcn5152_firmwareqca0000_firmwareqca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcd9326_firmwareqamsrv1h_firmwareqcn5124_firmwareqam8295p_firmwareqcn6100_firmwareqcn6102_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwareqcn5122_firmwaresdx55_firmwarewsa8845h_firmwareqcn6023_firmwaresm7250p_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwaresa8775p_firmwareqcs8550_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqca6174a_firmwareipq8071a_firmwareqcs4290_firmwaresa8770p_firmwareqca8085_firmwaresxr2130_firmwareqca2065_firmwareqcs6490_firmwaresm6250_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm2290_firmwarerobotics_rb5_platform_firmwareqcf8000_firmwarear9380_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwareqcn6132_firmwareqcn9003_firmwareqca9994_firmwareqcc2076_firmwareipq8070a_firmwareipq8076_firmwareqca6574_firmwaresm4125_firmwaresm7325p_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareaqt1000_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwarecsrb31024_firmwareqcm6490_firmwarewsa8832_firmwareipq9570_firmwareqcn9070_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa8155p_firmwarewcd9341_firmwarefastconnect_7800_firmwareipq5332_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresrv1m_firmwareqam8650p_firmwareipq6010_firmwareqca1064_firmwareqcn9022_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwareqca9990_firmwareqcn9002_firmwareqcn9072_firmwareipq6000_firmwaresw5100_firmwareqcn9074_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-41358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.36%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 00:00
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.44% / 90.22%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 18:34
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-libpcapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-57434
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-1.7||LOW
EPSS-0.36% / 27.76%
||
7 Day CHG+0.02%
Published-25 Jun, 2026 | 14:32
Updated-26 Jun, 2026 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4.

Action-Not Available
Vendor-Sparkle Motion
Product-nokogirinokogiri
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-48139
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-8.7||HIGH
EPSS-0.34% / 26.32%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 13:22
Updated-25 Jun, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference vulnerability in NI grpc-device data moniker service

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-ni_grpc_device_serverinstrumentstudioInstrumentStudiogrpc-device
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47308
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.08%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 04:17
Updated-02 Jun, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

Action-Not Available
Vendor-Samsung Open SourceSamsung
Product-walrusWalrus
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-4652
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.67%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 06:15
Updated-30 Apr, 2026 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote denial of service via null pointer dereference

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-40459
Matching Score-4
Assigner-Sierra Wireless Inc.
ShareView Details
Matching Score-4
Assigner-Sierra Wireless Inc.
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.16%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:48
Updated-29 May, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Action-Not Available
Vendor-sierrawirelessSierraWireless
Product-es450lx40aleoslx60rv55rv50xgx450mp70ALEOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38676
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 38.19%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 08:11
Updated-06 Sep, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in paddle.dot

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-46527
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.64%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 19:18
Updated-01 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid IP segments. The code path then executes get_client_ip(), which calls front() on an empty std::vector—undefined behavior in C++. On typical implementations this manifests as abnormal process termination (denial of service). With Sanitizers enabled, you get an explicit runtime diagnostic. This vulnerability is fixed in 0.44.0.

Action-Not Available
Vendor-yhiroseyhirose
Product-cpp-httplibcpp-httplib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38670
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.56% / 42.56%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 10:50
Updated-23 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in paddle.flip

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-39397
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.84%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:32
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 57.09%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.

Action-Not Available
Vendor-openndsn/a
Product-captive_portaln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-54952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.35%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 00:00
Updated-30 Jun, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 57.09%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

Action-Not Available
Vendor-openndsn/a
Product-captive_portaln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-42765
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:03
Updated-15 Jun, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Dereference in Certificate Verification with OCSP Checking

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When performing OCSP response checking for certificates in the verification chain, the code always tries to access the next certificate as the issuer. There is a check for a self-signed certificate. However with the partial chain verification enabled when the chain does not have a self-signed trusted anchor, the issuer will be NULL for the last certificate in the chain. A NULL pointer dereference then happens. This issue affects only applications which enable both OCSP verification of the certificate chain (X509_V_FLAG_OCSP_RESP_CHECK_ALL) and partial chain verification (X509_V_FLAG_PARTIAL_CHAIN) in the certificate verification. Both flags are disabled by default. For that reason, we have assigned Low severity to the issue. No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38171
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-69.49% / 99.28%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft QUIC Denial of Service Vulnerability

Microsoft QUIC Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2visual_studio_2022windows_server_2022.net.NET 7.0Microsoft Visual Studio 2022 version 17.6PowerShell 7.3Windows 11 version 22H2Windows 11 version 21H2Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.7Windows Server 2022Microsoft Visual Studio 2022 version 17.2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-36709
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.35%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AllJoyn API Denial of Service Vulnerability

Microsoft AllJoyn API Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-37186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 53.21%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-25 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.

Action-Not Available
Vendor-bloscn/a
Product-c-blosc2n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-37368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 36.76%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_9820_firmwareexynos_980_firmwareexynos_1330exynos_auto_t5123exynos_9610exynos_1330_firmwareexynos_9810_firmwareexynos_2100exynos_9110exynos_980exynos_modem_5300_firmwareexynos_2200_firmwareexynos_9820exynos_modem_5123_firmwareexynos_9810exynos_9110_firmwareexynos_1280exynos_850exynos_1080exynos_2200exynos_w920_firmwareexynos_w920exynos_auto_t5123_firmwareexynos_1080_firmwareexynos_2100_firmwareexynos_1280_firmwareexynos_modem_5300exynos_1380_firmwareexynos_9610_firmwareexynos_modem_5123n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-36602
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.32%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47221
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.45% / 35.67%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 17:35
Updated-27 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy: Null pointer deref in internal redirects

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) internal redirects for body-less non-GET/HEAD requests. When a POST, PUT, DELETE, or PATCH request without a body is sent to a route configured with internal redirect policy that includes 303 in redirect_response_codes, and the upstream responds with HTTP 303, the redirect handling code attempts to drain a request body buffer that was never allocated. This results in a segmentation fault that crashes the entire Envoy process. When route configured with internal_redirect_policy including 303 in redirect_response_codes and upstream must return HTTP 303 response, an unauthenticated attacker can exploit this to cause complete denial of service, terminating all active connections. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47220
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.26%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 18:02
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host related options is specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host header is missing in the request headers. This vulnerability is fixed in 1.37.5 and 1.38.3.

Action-Not Available
Vendor-envoyproxyenvoyproxyRed Hat, Inc.
Product-envoyenvoyOpenShift Service Mesh 2OpenShift Service Mesh 3
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 35.93%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 17:37
Updated-29 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hits a direct_response route. A single unauthenticated HTTP request crashes the Envoy process. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14012
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 51.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possibility of null pointer deference as the array of video codecs from media info is referenced without null checking while processing SDP messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC7180, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaremsm8920qcm2150_firmwaremsm8953sdm450sdm632_firmwaresdm845sdm450_firmwaresdm632qcm2150msm8920_firmwaresdm439sdx24sc8180x_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150qm215sc7180_firmwaresm7150msm8917msm8937sc8180xmsm8905sm8150_firmwaremsm8909sdx24_firmwaresdm439_firmwaresda845_firmwarerennellsc7180rennell_firmwareqm215_firmwaremsm8940msm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8937_firmwaresdm429_firmwaresm8150sdm850msm8905_firmwarenicobar_firmwaremsm8909_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 16
  • 17
  • Next
Details not found