CWE-822
AllowedUntrusted Pointer Dereference
Abstraction: Base · Status: Incomplete
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
380 vulnerabilities reference this CWE, most recent first.
GHSA-3632-54Q8-M96X
Vulnerability from github – Published: 2025-09-02 17:22 – Updated: 2025-09-02 17:22The crate has the following vulnerabilities:
-
The public trait
arenavec::common::AllocHandleallows the return of raw pointers through its methodsallocateandallocate_or_extend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the library safely handles the returned raw pointers. These raw pointers can later be dereferenced within safe APIs of the crate-such asarenavec::common::SliceVec::push-potentially leading to arbitrary memory access. -
The safe API
arenavec::common::SliceVec::reservecan reach the private functionarenavec::common::allocate_inner. Incorrect behavior inallocate_innermay result in aSliceVecwith an increased capacity, even though the underlying memory has not actually been expanded. This mismatch betweenSliceVec.capacityand the actual reserved memory can lead to a heap buffer overflow. -
The safe API
arenavec::common::SliceVec::split_offcan duplicate the ownership of the elements inself(of typeSliceVec) if they implement theDroptrait. Specifically, whenat == 0, the method returns a newSliceVecwith the same length asself. Since bothselfand the returned object point to the same heap memory, dropping one will deallocate the shared memory. When the other is subsequently dropped, it will attempt to free the same memory again, resulting in a double free violation.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "arenavec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-415",
"CWE-822"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-02T17:22:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The crate has the following vulnerabilities:\n\n- The public trait `arenavec::common::AllocHandle` allows the return of raw pointers through its methods `allocate` and `allocate_or_extend`. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the library safely handles the returned raw pointers. These raw pointers can later be dereferenced within safe APIs of the crate-such as `arenavec::common::SliceVec::push`-potentially leading to arbitrary memory access.\n\n- The safe API `arenavec::common::SliceVec::reserve` can reach the private function `arenavec::common::allocate_inner`. Incorrect behavior in `allocate_inner` may result in a `SliceVec` with an increased capacity, even though the underlying memory has not actually been expanded. This mismatch between `SliceVec.capacity` and the actual reserved memory can lead to a heap buffer overflow.\n\n- The safe API `arenavec::common::SliceVec::split_off` can duplicate the ownership of the elements in `self` (of type `SliceVec`) if they implement the `Drop` trait. Specifically, when `at == 0`, the method returns a new `SliceVec` with the same length as `self`. Since both `self` and the returned object point to the same heap memory, dropping one will deallocate the shared memory. When the other is subsequently dropped, it will attempt to free the same memory again, resulting in a double free violation.",
"id": "GHSA-3632-54q8-m96x",
"modified": "2025-09-02T17:22:36Z",
"published": "2025-09-02T17:22:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ibabushkin/arenavec/issues/4"
},
{
"type": "WEB",
"url": "https://github.com/ibabushkin/arenavec/issues/5"
},
{
"type": "WEB",
"url": "https://github.com/ibabushkin/arenavec/issues/6"
},
{
"type": "PACKAGE",
"url": "https://github.com/ibabushkin/arenavec"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0053.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "arenavec has multiple memory corruption vulnerabilities in safe APIs"
}
GHSA-3828-PJXX-WP2J
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
{
"affected": [],
"aliases": [
"CVE-2025-60708"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:38Z",
"severity": "MODERATE"
},
"details": "Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.",
"id": "GHSA-3828-pjxx-wp2j",
"modified": "2025-11-11T18:30:21Z",
"published": "2025-11-11T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60708"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3986-R924-XXJC
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30Windows Secure Kernel Mode Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43646"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T18:15:35Z",
"severity": "MODERATE"
},
"details": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability",
"id": "GHSA-3986-r924-xxjc",
"modified": "2024-11-12T18:30:59Z",
"published": "2024-11-12T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43646"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43646"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39FM-J66R-FFJ4
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
{
"affected": [],
"aliases": [
"CVE-2025-21486"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:26Z",
"severity": "HIGH"
},
"details": "Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.",
"id": "GHSA-39fm-j66r-ffj4",
"modified": "2025-06-03T06:31:14Z",
"published": "2025-06-03T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21486"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F7X-M7W7-VQR9
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
{
"affected": [],
"aliases": [
"CVE-2025-47405"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T17:16:20Z",
"severity": "HIGH"
},
"details": "Memory corruption when processing camera sensor input/output control codes with invalid output buffers.",
"id": "GHSA-3f7x-m7w7-vqr9",
"modified": "2026-05-04T18:30:30Z",
"published": "2026-05-04T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47405"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GX2-67XW-9FC9
Vulnerability from github – Published: 2024-07-25 18:32 – Updated: 2024-07-25 18:32There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the effected component is none.
{
"affected": [],
"aliases": [
"CVE-2024-40872"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-25T17:15:10Z",
"severity": "HIGH"
},
"details": "There is an elevation of privilege vulnerability in server\nand client components of Absolute Secure Access prior to version 13.07.\nAttackers with local access and valid desktop user credentials can elevate\ntheir privilege to system level by passing invalid address data to the vulnerable\ncomponent. This could be used to\nmanipulate process tokens to elevate the privilege of a normal process to\nSystem. The scope is changed, the impact to system confidentiality and\nintegrity is high, the impact to the availability of the effected component is\nnone.",
"id": "GHSA-3gx2-67xw-9fc9",
"modified": "2024-07-25T18:32:36Z",
"published": "2024-07-25T18:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40872"
},
{
"type": "WEB",
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1307/cve-2024-40872"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3JR6-JFQC-MJCF
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2024-11-27 21:32This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.
{
"affected": [],
"aliases": [
"CVE-2022-42418"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T18:59:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.",
"id": "GHSA-3jr6-jfqc-mjcf",
"modified": "2024-11-27T21:32:39Z",
"published": "2023-01-26T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42418"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1387"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3Q27-8G46-2VWM
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2025-11-04 00:31Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
{
"affected": [],
"aliases": [
"CVE-2024-36461"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:22Z",
"severity": "CRITICAL"
},
"details": "Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.",
"id": "GHSA-3q27-8g46-2vwm",
"modified": "2025-11-04T00:31:11Z",
"published": "2024-08-12T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36461"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-25018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RCG-83X5-6R67
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Memory corruption while processing a video session to set video parameters.
{
"affected": [],
"aliases": [
"CVE-2025-47343"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:17:03Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing a video session to set video parameters.",
"id": "GHSA-3rcg-83x5-6r67",
"modified": "2026-01-07T12:31:24Z",
"published": "2026-01-07T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47343"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-443W-GF2F-8H6X
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-29812"
],
"database_specific": {
"cwe_ids": [
"CWE-822"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:16:07Z",
"severity": "HIGH"
},
"details": "Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-443w-gf2f-8h6x",
"modified": "2025-04-08T18:34:57Z",
"published": "2025-04-08T18:34:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29812"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29812"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.