CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 26 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42285 | Hig | 0.42 | 7.5 | 0.00 | May 7, 2026 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with… | ||
| CVE-2026-41642 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2026 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized… | ||
| CVE-2026-8063 | Med | 0.42 | 6.5 | 0.00 | May 7, 2026 | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion,… | ||
| CVE-2026-43213 | Hig | 0.42 | 7.5 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wd_ring->pages array, causing NULL… | ||
| CVE-2026-43164 | Hig | 0.42 | 7.5 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] Since the cited commit, udp_lib_init_sock() can fail, as can udp_init_sock() and… | ||
| CVE-2026-43101 | Hig | 0.42 | 7.5 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of… | ||
| CVE-2026-43099 | Hig | 0.42 | 7.5 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error… | ||
| CVE-2026-29169 | Hig | 0.42 | 7.5 | 0.01 | May 4, 2026 | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from… | ||
| CVE-2026-31638 | Hig | 0.42 | 7.5 | 0.00 | Apr 24, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc_input_packet_on_conn() can process a to-client packet after the current client call on the channel has already been torn down. In that case chan->call is… | ||
| CVE-2026-31600 | Hig | 0.42 | 7.5 | 0.00 | Apr 24, 2026 | In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and… | ||
| CVE-2026-31477 | Hig | 0.42 | 7.5 | 0.00 | Apr 22, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues after list_del() detaches smb_lock from lock_list at no_check_cl: 1) If vfs_lock_file() returns an unexpected… | ||
| CVE-2026-28390 | Hig | 0.42 | 7.5 | 0.01 | Apr 7, 2026 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur… | ||
| CVE-2026-28389 | Hig | 0.42 | 7.5 | 0.01 | Apr 7, 2026 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur… | ||
| CVE-2026-28388 | Hig | 0.42 | 7.5 | 0.01 | Apr 7, 2026 | Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service… | ||
| CVE-2026-34874 | Hig | 0.42 | 7.5 | 0.00 | Apr 1, 2026 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. | ||
| CVE-2026-25075 | Hig | 0.42 | 7.5 | 0.01 | Mar 23, 2026 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers… | ||
| CVE-2026-26829 | Hig | 0.42 | 7.5 | 0.01 | Mar 23, 2026 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server. | ||
| CVE-2026-26828 | Hig | 0.42 | 7.5 | 0.00 | Mar 23, 2026 | A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server | ||
| CVE-2026-23242 | Hig | 0.42 | 7.5 | 0.00 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences… | ||
| CVE-2026-29781 | Med | 0.42 | 6.5 | 0.01 | Mar 7, 2026 | Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant… |
- risk 0.42cvss 7.5epss 0.00
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with…
- risk 0.42cvss 7.5epss 0.01
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized…
- risk 0.42cvss 6.5epss 0.00
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion,…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wd_ring->pages array, causing NULL…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] Since the cited commit, udp_lib_init_sock() can fail, as can udp_init_sock() and…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error…
- risk 0.42cvss 7.5epss 0.01
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc_input_packet_on_conn() can process a to-client packet after the current client call on the channel has already been torn down. In that case chan->call is…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and…
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues after list_del() detaches smb_lock from lock_list at no_check_cl: 1) If vfs_lock_file() returns an unexpected…
- risk 0.42cvss 7.5epss 0.01
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur…
- risk 0.42cvss 7.5epss 0.01
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur…
- risk 0.42cvss 7.5epss 0.01
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service…
- risk 0.42cvss 7.5epss 0.00
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
- risk 0.42cvss 7.5epss 0.01
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers…
- risk 0.42cvss 7.5epss 0.01
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.
- risk 0.42cvss 7.5epss 0.00
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences…
- risk 0.42cvss 6.5epss 0.01
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant…