VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 76 of 80
  • CVE-2024-36620Nov 29, 2024
    risk 0.00cvss epss 0.01

    moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.

  • CVE-2023-45925Mar 27, 2024
    risk 0.00cvss epss 0.00

    GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).

  • CVE-2024-26130Feb 21, 2024
    risk 0.00cvss epss 0.01

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the…

  • CVE-2021-43667HigNov 18, 2021
    risk 0.00cvss 7.5epss 0.01

    A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric.…

  • CVE-2018-17293HigSep 21, 2018
    risk 0.00cvss 8.8epss 0.02

    An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of…

  • CVE-2018-16749MedSep 9, 2018
    risk 0.00cvss 6.5epss 0.02

    In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

  • CVE-2017-2634HigJul 27, 2018
    risk 0.00cvss 7.5epss 0.05

    It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use…

  • CVE-2018-13303MedJul 5, 2018
    risk 0.00cvss 6.5epss 0.01

    In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

  • CVE-2018-13301MedJul 5, 2018
    risk 0.00cvss 6.5epss 0.01

    In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

  • CVE-2018-13094MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.

  • CVE-2018-13093MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that…

  • CVE-2018-12460MedJun 15, 2018
    risk 0.00cvss 6.5epss 0.01

    libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.

  • CVE-2018-12249HigJun 12, 2018
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.

  • CVE-2018-12247HigJun 12, 2018
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).

  • CVE-2018-1000200MedJun 5, 2018
    risk 0.00cvss 5.5epss 0.00

    The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for…

  • CVE-2018-11695HigJun 4, 2018
    risk 0.00cvss 8.8epss 0.02

    An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-11591MedMay 31, 2018
    risk 0.00cvss 5.5epss 0.01

    Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.

  • CVE-2018-1130MedMay 10, 2018
    risk 0.00cvss 5.5epss 0.01

    Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

  • CVE-2018-10074MedApr 12, 2018
    risk 0.00cvss 5.5epss 0.00

    The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.

  • CVE-2018-1095MedApr 2, 2018
    risk 0.00cvss 5.5epss 0.01

    The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer…