Common Weakness Enumeration

CWE-824

Allowed

Access of Uninitialized Pointer

Abstraction: Base · Status: Incomplete

The product accesses or uses a pointer that has not been initialized.

451 vulnerabilities reference this CWE, most recent first.

GHSA-2Q53-R2C4-59VP

Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-03-13 18:32
VLAI
Details

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-13T17:15:39Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service vulnerability exists in the \"GetWebLoginCredentials\" function in \"Sante PACS Server.exe\".",
  "id": "GHSA-2q53-r2c4-59vp",
  "modified": "2025-03-13T18:32:23Z",
  "published": "2025-03-13T18:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2284"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2025-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VG6-3MR6-W5MP

Vulnerability from github – Published: 2022-05-02 03:24 – Updated: 2022-05-02 03:24
VLAI
Details

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-30T20:30:00Z",
    "severity": "MODERATE"
  },
  "details": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.",
  "id": "GHSA-2vg6-3mr6-w5mp",
  "modified": "2022-05-02T03:24:54Z",
  "published": "2022-05-02T03:24:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1415"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515"
    },
    {
      "type": "WEB",
      "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34842"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35211"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34783"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022157"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1218"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2WMC-XMV6-FHJQ

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-05-14 18:30
VLAI
Details

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:37:25Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer access vulnerability in the clock module\nImpact: Successful exploitation of this vulnerability will affect availability.",
  "id": "GHSA-2wmc-xmv6-fhjq",
  "modified": "2024-05-14T18:30:48Z",
  "published": "2024-05-14T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32998"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/5"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202405-0000001902628049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2X3C-49J5-46PJ

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 09:30
VLAI
Details

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:41Z",
    "severity": "MODERATE"
  },
  "details": "GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
  "id": "GHSA-2x3c-49j5-46pj",
  "modified": "2026-04-30T09:30:25Z",
  "published": "2026-04-30T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6870"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21189"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-43.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XPJ-F5G2-8P7M

Vulnerability from github – Published: 2021-04-20 16:30 – Updated: 2024-09-12 21:06
VLAI
Summary
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
Details

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "asyncpg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-17446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-14T21:35:20Z",
    "nvd_published_at": "2020-08-12T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.",
  "id": "GHSA-2xpj-f5g2-8p7m",
  "modified": "2024-09-12T21:06:18Z",
  "published": "2021-04-20T16:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17446"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MagicStack/asyncpg"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2xpj-f5g2-8p7m"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/asyncpg/PYSEC-2020-24.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer"
}

GHSA-323H-XV5H-R9J9

Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-16 00:00
VLAI
Details

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-15T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-323h-xv5h-r9j9",
  "modified": "2022-07-16T00:00:29Z",
  "published": "2022-07-16T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34228"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-32.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3325-4GJP-WGF5

Vulnerability from github – Published: 2025-12-11 21:31 – Updated: 2026-06-04 21:31
VLAI
Details

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-11T21:15:57Z",
    "severity": "HIGH"
  },
  "details": "In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.",
  "id": "GHSA-3325-4gjp-wgf5",
  "modified": "2026-06-04T21:31:18Z",
  "published": "2025-12-11T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66588"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-03.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-34VX-JR58-Q9X4

Vulnerability from github – Published: 2022-05-14 03:40 – Updated: 2022-05-14 03:40
VLAI
Details

A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T22:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.",
  "id": "GHSA-34vx-jr58-q9x4",
  "modified": "2022-05-14T03:40:11Z",
  "published": "2022-05-14T03:40:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12561"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039495"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37HV-5W7W-HHJW

Vulnerability from github – Published: 2022-02-25 00:00 – Updated: 2022-03-19 00:01
VLAI
Details

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-24T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.",
  "id": "GHSA-37hv-5w7w-hhjw",
  "modified": "2022-03-19T00:01:43Z",
  "published": "2022-02-25T00:00:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3608"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-27"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220318-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-38JP-8R92-CQG4

Vulnerability from github – Published: 2024-11-10 21:30 – Updated: 2025-11-04 00:32
VLAI
Details

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-10T21:15:14Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.",
  "id": "GHSA-38jp-8r92-cqg4",
  "modified": "2025-11-04T00:32:01Z",
  "published": "2024-11-10T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46951"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707991"
    },
    {
      "type": "WEB",
      "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.