VYPR

CWE-476

NULL Pointer Dereference

Base | Stable | Likelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 53 of 80
  • CVE-2022-21739 | Med | Feb 3, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this…

  • CVE-2021-22570 | Med | Jan 26, 2022
    risk 0.35 | cvss 6.5 | epss 0.03

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We…

  • CVE-2021-41495 | Med | Dec 17, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is…

  • CVE-2020-26235 | Med | Nov 24, 2020
    risk 0.35 | cvss 5.3 | epss 0.02

    In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions.…

  • CVE-2019-9635 | Med | Apr 24, 2019
    risk 0.35 | cvss 6.5 | epss 0.00

    NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

  • CVE-2018-7576 | Med | Apr 23, 2019
    risk 0.35 | cvss 6.5 | epss 0.00

    Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.

  • CVE-2018-14471 | Med | Jul 20, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

  • CVE-2017-17251 | Med | Apr 24, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…

  • CVE-2017-1000360 | Med | Apr 24, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

  • CVE-2015-8750 | Med | Feb 13, 2017
    risk 0.35 | cvss 6.5 | epss 0.02

    libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.

  • CVE-2026-12329 | Med | Jun 16, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

  • CVE-2026-6778 | Med | Apr 21, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2025-7700 | Med | Nov 7, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to…

  • CVE-2025-42902 | Med | Oct 14, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash.…

  • CVE-2025-32909 | Med | Apr 14, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.

  • CVE-2025-0696 | Med | Jan 27, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.

  • CVE-2024-52546 | Med | Dec 3, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

  • CVE-2024-47586 | Med | Nov 12, 2024
    risk 0.34 | cvss 5.3 | epss 0.04

    SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the…

  • CVE-2024-34044 | Med | Apr 30, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.

  • CVE-2023-50432 | Med | Apr 29, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer.