VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 17 of 80
  • CVE-2018-6951HigFeb 13, 2018
    risk 0.49cvss 7.5epss 0.09

    An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

  • CVE-2016-9570HigFeb 12, 2018
    risk 0.49cvss 7.5epss 0.01

    cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.

  • CVE-2018-6644HigFeb 8, 2018
    risk 0.49cvss 7.5epss 0.02

    SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.

  • CVE-2017-12464HigFeb 7, 2018
    risk 0.49cvss 7.5epss 0.02

    ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.

  • CVE-2017-12380HigJan 26, 2018
    risk 0.49cvss 7.5epss 0.05

    ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in…

  • CVE-2017-12130HigJan 20, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to…

  • CVE-2017-16728HigJan 5, 2018
    risk 0.49cvss 7.5epss 0.02

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

  • CVE-2017-17997HigDec 30, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

  • CVE-2017-17439HigDec 6, 2017
    risk 0.49cvss 7.5epss 0.03

    In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault.…

  • CVE-2017-8820HigDec 3, 2017
    risk 0.49cvss 7.5epss 0.02

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed…

  • CVE-2017-1000200HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

  • CVE-2017-12719HigNov 6, 2017
    risk 0.49cvss 7.5epss 0.03

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.

  • CVE-2017-15723HigOct 22, 2017
    risk 0.49cvss 7.5epss 0.02

    In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.

  • CVE-2017-15721HigOct 22, 2017
    risk 0.49cvss 7.5epss 0.02

    In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.

  • CVE-2017-15600HigOct 18, 2017
    risk 0.49cvss 7.5epss 0.02

    In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.

  • CVE-2014-3164HigOct 18, 2017
    risk 0.49cvss 7.5epss 0.01

    cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.

  • CVE-2017-15286HigOct 12, 2017
    risk 0.49cvss 7.5epss 0.03

    SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

  • CVE-2017-15267HigOct 11, 2017
    risk 0.49cvss 7.5epss 0.03

    In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

  • CVE-2015-2297HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.02

    nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.

  • CVE-2017-14977HigOct 2, 2017
    risk 0.49cvss 7.5epss 0.02

    The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.