VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 14 of 80
  • CVE-2025-30195HigApr 7, 2025
    risk 0.49cvss 7.5epss 0.01

    An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would…

  • CVE-2025-24177HigJan 27, 2025
    risk 0.49cvss 7.5epss 0.01

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.

  • CVE-2024-24442HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

  • CVE-2025-0430HigJan 17, 2025
    risk 0.49cvss 7.5epss 0.00

    Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.

  • CVE-2024-43357HigAug 15, 2024
    risk 0.49cvss 8.6epss 0.01

    ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security…

  • CVE-2024-39130HigJun 27, 2024
    risk 0.49cvss 7.5epss 0.00

    A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp.

  • CVE-2024-24194HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.00

    robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.

  • CVE-2024-35492HigMay 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet.

  • CVE-2023-51391HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

  • CVE-2023-0401HigFeb 8, 2023
    risk 0.49cvss 7.5epss 0.02

    A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest…

  • CVE-2023-0217HigFeb 8, 2023
    risk 0.49cvss 7.5epss 0.02

    An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted…

  • CVE-2023-0216HigFeb 8, 2023
    risk 0.49cvss 7.5epss 0.02

    An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service…

  • CVE-2021-42521HigAug 25, 2022
    risk 0.49cvss 7.5epss 0.01

    There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that…

  • CVE-2021-41497HigDec 17, 2021
    risk 0.49cvss 7.5epss 0.01

    Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2021-29241HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

  • CVE-2021-28307HigMar 12, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.

  • CVE-2021-28306HigMar 12, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent.

  • CVE-2021-25904HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.

  • CVE-2021-25903HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.