VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 52 of 80
  • CVE-2016-1814MedMay 20, 2016
    risk 0.36cvss 5.5epss 0.01

    IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2010-3079MedSep 30, 2010
    risk 0.36cvss 5.5epss 0.00

    kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function…

  • CVE-2026-44317MedMay 27, 2026
    risk 0.35cvss 6.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and…

  • CVE-2026-41069MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while…

  • CVE-2026-7259MedMay 10, 2026
    risk 0.35cvss 6.5epss 0.00

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is…

  • CVE-2026-42183MedMay 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO…

  • CVE-2026-41684MedMay 7, 2026
    risk 0.35cvss 6.5epss 0.00

    Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive…

  • CVE-2026-41647MedMay 7, 2026
    risk 0.35cvss 6.5epss 0.00

    Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.

  • CVE-2026-40197MedMay 6, 2026
    risk 0.35cvss 6.5epss 0.00

    Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup…

  • CVE-2026-40195MedMay 6, 2026
    risk 0.35cvss 6.5epss 0.00

    Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present…

  • CVE-2025-70070MedMay 4, 2026
    risk 0.35cvss 6.5epss 0.00

    An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

  • CVE-2026-5590MedApr 5, 2026
    risk 0.35cvss 6.4epss 0.00

    A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and…

  • CVE-2026-33907MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…

  • CVE-2026-33903MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected…

  • CVE-2026-28522MedMar 16, 2026
    risk 0.35cvss 6.5epss 0.00

    arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets that trigger a null pointer dereference, resulting in a denial-of-service…

  • CVE-2024-52296MedNov 12, 2024
    risk 0.35cvss 6.5epss 0.00

    libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not…

  • CVE-2024-3186MedOct 17, 2024
    risk 0.35cvss 5.3epss 0.00

    CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to…

  • CVE-2022-23589MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one…

  • CVE-2022-23577MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3,…

  • CVE-2022-23570MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a…