Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9639

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-26 Jun, 2026 | 15:39
Updated At-26 Jun, 2026 | 16:02
Rejected At-
Credits

Authenticated Denial of Service via Malicious Backup Tarball in LXD

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:26 Jun, 2026 | 15:39
Updated At:26 Jun, 2026 | 16:02
Rejected At:
▼CVE Numbering Authority (CNA)
Authenticated Denial of Service via Malicious Backup Tarball in LXD

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

Affected Products
Vendor
Canonical Ltd.Canonical
Product
LXD
Package Name
LXD
Repo
https://github.com/canonical/lxd
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From 5.21.0 before 5.21.5 (semver)
  • From 6.0 before 6.9 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL pointer dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL pointer dereference
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153Input Data Manipulation
CAPEC ID: CAPEC-153
Description: Input Data Manipulation
Solutions

Upgrade to LXD version 5.21.5 or later, or 6.9 or later.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
vdb-entry
vendor-advisory
https://github.com/canonical/lxd/pull/18320
patch
https://github.com/canonical/lxd/pull/18390
patch
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Resource:
vdb-entry
vendor-advisory
Hyperlink: https://github.com/canonical/lxd/pull/18320
Resource:
patch
Hyperlink: https://github.com/canonical/lxd/pull/18390
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
exploit
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:26 Jun, 2026 | 16:16
Updated At:26 Jun, 2026 | 19:58

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-476Secondarysecurity@ubuntu.com
CWE ID: CWE-476
Type: Secondary
Source: security@ubuntu.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/canonical/lxd/pull/18320security@ubuntu.com
N/A
https://github.com/canonical/lxd/pull/18390security@ubuntu.com
N/A
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8security@ubuntu.com
N/A
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/canonical/lxd/pull/18320
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/pull/18390
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

162Records found

CVE-2019-14876
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 67.62%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:08
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3338
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-8.09% / 94.12%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 00:00
Updated-05 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash due to a null pointer dereference in the dn_nsp_send function

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kerneldebian_linuxactive_iq_unified_managerRed Hat Enterprise Linux 8FedoraRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1103
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-11.27% / 95.43%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 15:00
Updated-21 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-823x_firmwaredir-823xDIR-823X
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33306
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.84% / 53.32%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 09:40
Updated-22 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33283
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.47%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 23:49
Updated-24 Mar, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ella Core panics on malformed ULNASTransport Message without a Request Type

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.

Action-Not Available
Vendor-ellanetworksellanetworks
Product-ella_corecore
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15258
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.14%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa112_firmwarespa122_firmwarespa112spa122Cisco SPA112 2-Port Phone Adapter
CWE ID-CWE-399
Not Available
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11550
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-0.89% / 54.89%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 18:02
Updated-24 Feb, 2026 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12 HTTP Request modules wifiScheduledSet null pointer dereference

A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12_firmwarew12W12
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29179
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-2.45% / 82.42%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 09:40
Updated-10 Dec, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosfortiproxyFortiOSFortiProxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.48% / 87.67%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 20:48
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-29781
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.50% / 39.41%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 15:25
Updated-11 Mar, 2026 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sliver: Authenticated Nil-Pointer Dereference in Handlers

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure "kill-switch," instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-bishopfoxBishopFox
Product-sliversliver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14878
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 67.92%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:04
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14871
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.01% / 58.78%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 15:43
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14873
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.30% / 66.90%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:04
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24938
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 78.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:25
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CryptoAPI Denial of Service Vulnerability

Windows CryptoAPI Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14877
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 67.62%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:04
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-4209
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 68.83%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 15:07
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNU
Product-solidfire_\&_hci_management_nodeenterprise_linuxactive_iq_unified_managerhci_bootstrap_osgnutlshci_compute_nodeGnuTLS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14872
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 70.24%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 12:35
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14874
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.33% / 67.62%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:07
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14875
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 66.79%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:08
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

Action-Not Available
Vendor-newlib_projectRed Hat, Inc.
Product-newlibnewlib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-37750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.17% / 80.03%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Action-Not Available
Vendor-starwindsoftwaren/aOracle CorporationDebian GNU/LinuxMIT (Massachusetts Institute of Technology)Fedora Project
Product-communications_cloud_native_core_network_slice_selection_functiondebian_linuxstarwind_virtual_sanfedorakerberos_5n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.09% / 79.37%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:34
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6535
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.55% / 72.05%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_auscodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_euslinux_kernelenterprise_linux_server_tusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-35984
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.82% / 76.11%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.09% / 79.36%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:34
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6247
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 51.35%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:43
Updated-21 Aug, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

Action-Not Available
Vendor-openvpnOpenVPN
Product-openvpn_3OpenVPN 3 Core Library
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-3514
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.18% / 63.78%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 00:00
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-389_directory_server389-ds-base
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-24641
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-2.5||LOW
EPSS-0.39% / 30.55%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-23952
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.52%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 00:32
Updated-27 Feb, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.

Action-Not Available
Vendor-dlemstraImageMagick Studio LLC
Product-magick.netimagemagickImageMagick
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-22899
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.28% / 19.78%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 03:07
Updated-17 Jun, 2026 | 01:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1444
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.34%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:33
Updated-26 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode fildds.sys 0x8011206B denial of service

A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects the function 0x8011206B in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28166
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 57.50%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-47015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.49% / 70.88%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1667
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.21%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Action-Not Available
Vendor-libsshn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-libsshdebian_linuxfedoraenterprise_linuxlibssh
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-40733
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5||MEDIUM
EPSS-0.82% / 52.60%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 22:35
Updated-26 Aug, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11_21h2Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-57435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.97%
||
7 Day CHG+0.02%
Published-31 Jan, 2025 | 00:00
Updated-22 Apr, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

Action-Not Available
Vendor-macrozhengn/a
Product-mall-tinyn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-36661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.44%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 16:30
Updated-17 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors.

Action-Not Available
Vendor-xhyve_projectn/a
Product-xhyven/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-22570
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-2.66% / 83.84%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-21 Apr, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nullptr Dereference in Protobuf

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectOracle CorporationNetApp, Inc.Google LLC
Product-snapcenterdebian_linuxprotobufactive_iq_unified_managerfedoraoncommand_workflow_automationmysqloncommand_insightProtobuf
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-22792
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 56.20%
||
7 Day CHG+0.03%
Published-02 Sep, 2021 | 16:53
Updated-29 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-modicon_m580_bmep584020modicon_premium_tsxp57_554mmodicon_m580_bmep585040cmodicon_quantum_140cpu65150cmodicon_m580_bmep584040modicon_momentum_171cbu98090modicon_quantum_140cpu65150modicon_mc80_bmkc8020310modicon_quantum_140cpu65160cmodicon_m580_bmeh584040cmodicon_m580_bmep586040modicon_m580_bmeh584040splc_simulator_for_ecostruxure_control_expertmodicon_mc80_bmkc8030311modicon_m340_bmxp341000modicon_m580_bmep581020modicon_m580_bmep582020hmodicon_premium_tsxp57_454mmodicon_premium_tsxp57_5634mmodicon_m580_bmep582020modicon_m580_bmeh582040plc_simulator_for_ecostruxure_process_expertmodicon_m340_bmxp342030modicon_momentum_171cbu78090modicon_m580_bmep582040modicon_m580_bmep584040smodicon_premium_tsxp57_4634mmodicon_m580_bmeh586040modicon_m340_bmxp342010modicon_m580_bmep585040modicon_premium_tsxp57_2834mmodicon_m580_bmeh582040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_mc80_bmkc8020301modicon_premium_tsxp57_1634mmodicon_m340_bmxp342020modicon_m580_bmep582040smodicon_quantum_140cpu65160modicon_m580_bmep586040cmodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmep582040hmodicon_m580_bmeh584040modicon_m580_bmeh586040cmodicon_m580_bmeh586040smodicon_premium_tsxp57_2634mmodicon_m580_bmep583020modicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3621
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-1.21% / 64.65%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-47692
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-6.5||MEDIUM
EPSS-1.17% / 63.52%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 11:53
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nfsd: return -EINVAL when namelen is 0

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered. [ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 [ T1205] Call Trace: [ T1205] dump_stack+0x9a/0xd0 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] __kasan_report.cold+0x34/0x84 [ T1205] ? nfs4_client_to_reclaim+0xe9/0x260 [ T1205] kasan_report+0x3a/0x50 [ T1205] nfs4_client_to_reclaim+0xe9/0x260 [ T1205] ? nfsd4_release_lockowner+0x410/0x410 [ T1205] cld_pipe_downcall+0x5ca/0x760 [ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205] ? down_write_killable_nested+0x170/0x170 [ T1205] ? avc_policy_seqno+0x28/0x40 [ T1205] ? selinux_file_permission+0x1b4/0x1e0 [ T1205] rpc_pipe_write+0x84/0xb0 [ T1205] vfs_write+0x143/0x520 [ T1205] ksys_write+0xc9/0x170 [ T1205] ? __ia32_sys_read+0x50/0x50 [ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205] do_syscall_64+0x33/0x40 [ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001 [ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ================================================================== Fix it by checking namelen.

Action-Not Available
Vendor-Siemens AGLinux Kernel Organization, Inc
Product-linux_kernelLinuxSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familyRUGGEDCOM RST2428PSCALANCE XCM-/XRM-/XCH-/XRH-300 familySIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-13542
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 18:56
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

Action-Not Available
Vendor-GmbHCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000control_for_empc-a\/imx6linuxruntime_system_toolkitcontrol_for_beaglebonecontrol_wincontrol_for_pfc1003S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-2850
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.48%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Action-Not Available
Vendor-port389n/aFedora ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linuxdebian_linux389-ds-basefedoradirectory_server389-ds-base
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-8569
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-4.3||MEDIUM
EPSS-2.27% / 80.95%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 17:09
Updated-17 Sep, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes CSI snapshot-controller DoS

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.

Action-Not Available
Vendor-Kubernetes
Product-container_storage_interface_snapshotterCSI Snapshotter
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5736
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.58% / 72.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 12:42
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.

Action-Not Available
Vendor-n/aAmcrest Industries LLC.
Product-1080-lite_8chip8m-2454ew_firmwareip4m-1053ew_firmwareip8m-mb2546ew_firmwareip2m-841-v3_firmwareip8m-t2499ewip8m-2496ebipm-721ip8m-2496eb_firmwareip8m-mt2544ew1080-lite_8ch_firmwareip2m-841_firmwareip8m-2493eb_firmwareip8m-2597eip2m-866ewipm-721_firmwareamdv10814-h5ip2m-866wipm-hx1_firmwareip4m-1053ewip8m-t2499ew_firmwareip2m-858w_firmwareip8m-2493ebipm-hx1ip8m-2454ewip2m-866ew_firmwareamdv10814-h5_firmwareip2m-853ew_firmwareip2m-853ewip2m-841ip8m-mb2546ewip8m-2597e_firmwareip2m-841-v3ip8m-mt2544ew_firmwareip2m-866w_firmwareip2m-858wAmcrest
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 48.29%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 00:00
Updated-02 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.58% / 72.51%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:30
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.10% / 79.42%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 11:20
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20212
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.88% / 76.91%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 13:27
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20250
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.71% / 74.55%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:59
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.17% / 86.46%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 18:21
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found