VYPR

CWE-822

Untrusted Pointer Dereference

BaseIncomplete

Description

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-129

CVEs mapped to this weakness (35)

page 1 of 2
  • CVE-2018-14811CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

  • CVE-2018-7497CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities…

  • CVE-2025-4993CriSep 23, 2025
    risk 0.59cvss 9.1epss 0.00

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0…

  • CVE-2026-33120HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.01

    Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

  • CVE-2026-40367HigMay 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-20738HigMay 12, 2026
    risk 0.55cvss epss 0.00

    Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may…

  • CVE-2026-33114HigApr 14, 2026
    risk 0.55cvss 8.4epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2024-36352HigSep 6, 2025
    risk 0.55cvss 8.4epss 0.00

    Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.

  • CVE-2025-20018HigMay 13, 2025
    risk 0.55cvss 8.4epss 0.00

    Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34023HigNov 13, 2024
    risk 0.55cvss 8.4epss 0.00

    Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-40872HigJul 25, 2024
    risk 0.55cvss 8.4epss 0.00

    There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the…

  • CVE-2023-42772HigSep 16, 2024
    risk 0.53cvss 8.2epss 0.00

    Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2026-45645HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45643HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-45471HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-40369HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-47408HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

  • CVE-2025-47405HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

  • CVE-2026-32222HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32077HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.