VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 19 of 80
  • CVE-2017-9343HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.

  • CVE-2017-7502HigMay 30, 2017
    risk 0.49cvss 7.5epss 0.04

    Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

  • CVE-2017-9250HigMay 28, 2017
    risk 0.49cvss 7.5epss 0.03

    The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript…

  • CVE-2017-9229HigMay 24, 2017
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result…

  • CVE-2017-8825HigMay 8, 2017
    risk 0.49cvss 7.5epss 0.02

    A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.

  • CVE-2017-8395HigMay 1, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents…

  • CVE-2017-8394HigMay 1, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs…

  • CVE-2017-8392HigMay 1, 2017
    risk 0.49cvss 7.5epss 0.01

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes…

  • CVE-2016-8726HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault…

  • CVE-2016-8723HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a…

  • CVE-2015-8270HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.03

    The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).

  • CVE-2016-5041HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.03

    dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.

  • CVE-2017-6441HigApr 3, 2017
    risk 0.49cvss 7.5epss 0.02

    The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a…

  • CVE-2016-6561HigMar 31, 2017
    risk 0.49cvss 7.5epss 0.03

    illumos smbsrv NULL pointer dereference allows system crash.

  • CVE-2016-4912HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.05

    The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

  • CVE-2017-7243HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.02

    Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.

  • CVE-2016-10132HigMar 24, 2017
    risk 0.49cvss 7.5epss 0.02

    regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.

  • CVE-2017-7225HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

  • CVE-2017-6311HigMar 10, 2017
    risk 0.49cvss 7.5epss 0.03

    gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

  • CVE-2017-6497HigMar 6, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).