VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 28 of 80
  • CVE-2024-56318HigDec 18, 2024
    risk 0.42cvss 7.5epss 0.01

    In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

  • CVE-2024-45969HigNov 15, 2024
    risk 0.42cvss 7.5epss 0.00

    NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.

  • CVE-2024-24446MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.

  • CVE-2024-47692MedOct 21, 2024
    risk 0.42cvss 6.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access…

  • CVE-2024-39132MedJun 27, 2024
    risk 0.42cvss 6.5epss 0.00

    A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp.

  • CVE-2024-37890HigJun 17, 2024
    risk 0.42cvss 7.5epss 0.01

    ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3…

  • CVE-2024-31420MedApr 3, 2024
    risk 0.42cvss 6.5epss 0.01

    A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the…

  • CVE-2024-0079MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.

  • CVE-2024-0078MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.

  • CVE-2023-46239HigOct 31, 2023
    risk 0.42cvss 7.5epss 0.01

    quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic)…

  • CVE-2023-25676HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in…

  • CVE-2023-25674HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.

  • CVE-2023-25672HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

  • CVE-2023-25670HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

  • CVE-2023-25665HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

  • CVE-2023-25663HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

  • CVE-2023-25660HigMar 25, 2023
    risk 0.42cvss 7.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray` will reference to a nullptr, leading to a seg fault. A fix is included in…

  • CVE-2022-23476HigDec 8, 2022
    risk 0.42cvss 7.5epss 0.02

    Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when…

  • CVE-2022-39381HigNov 2, 2022
    risk 0.42cvss 7.5epss 0.01

    Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously…

  • CVE-2022-25867HigAug 2, 2022
    risk 0.42cvss 7.5epss 0.01

    The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.