CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-G2MM-3MXM-Q4WW
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
{
"affected": [],
"aliases": [
"CVE-2018-1000099"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-13T01:29:00Z",
"severity": "HIGH"
},
"details": "Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.",
"id": "GHSA-g2mm-3mxm-q4ww",
"modified": "2022-05-13T01:18:44Z",
"published": "2022-05-13T01:18:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000099"
},
{
"type": "WEB",
"url": "https://trac.pjsip.org/repos/milestone/release-2.7.2"
},
{
"type": "WEB",
"url": "https://trac.pjsip.org/repos/ticket/2092"
},
{
"type": "WEB",
"url": "https://trac.pjsip.org/repos/ticket/2094"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G5CG-643P-2M3G
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.
{
"affected": [],
"aliases": [
"CVE-2018-5860"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-15T20:29:00Z",
"severity": "MODERATE"
},
"details": "In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.",
"id": "GHSA-g5cg-643p-2m3g",
"modified": "2022-05-14T03:10:21Z",
"published": "2022-05-14T03:10:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5860"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G68J-9RXJ-C36W
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-10-31 15:30In the Linux kernel, the following vulnerability has been resolved:
mac80211: track only QoS data frames for admission control
For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header.
Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header.
Fix this to only do anything for QoS data packets.
{
"affected": [],
"aliases": [
"CVE-2021-47602"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T15:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: track only QoS data frames for admission control\n\nFor admission control, obviously all of that only works for\nQoS data frames, otherwise we cannot even access the QoS\nfield in the header.\n\nSyzbot reported (see below) an uninitialized value here due\nto a status of a non-QoS nullfunc packet, which isn\u0027t even\nlong enough to contain the QoS header.\n\nFix this to only do anything for QoS data packets.",
"id": "GHSA-g68j-9rxj-c36w",
"modified": "2024-10-31T15:30:58Z",
"published": "2024-06-19T15:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47602"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G822-H382-CV3P
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code
{
"affected": [],
"aliases": [
"CVE-2022-30540"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code",
"id": "GHSA-g822-h382-cv3p",
"modified": "2022-06-11T00:00:35Z",
"published": "2022-06-03T00:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30540"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G96G-HXM2-7QVQ
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2023-11-16 18:30Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-47060"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T17:15:08Z",
"severity": "LOW"
},
"details": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-g96g-hxm2-7qvq",
"modified": "2023-11-16T18:30:31Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47060"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G9GF-4956-GQ9W
Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-43592"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T22:15:25Z",
"severity": "HIGH"
},
"details": "InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-g9gf-4956-gq9w",
"modified": "2025-07-09T00:30:32Z",
"published": "2025-07-09T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43592"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GCQH-FGCV-64WF
Vulnerability from github – Published: 2023-04-13 00:30 – Updated: 2023-04-13 00:30Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-26386"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-gcqh-fgcv-64wf",
"modified": "2023-04-13T00:30:49Z",
"published": "2023-04-13T00:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26386"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFR5-CGGC-PQ3J
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-09-29 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/client: Fix error code in drm_client_buffer_vmap_local()
This function accidentally returns zero/success on the failure path. It leads to locking issues and an uninitialized *map_copy in the caller.
{
"affected": [],
"aliases": [
"CVE-2024-42275"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix error code in drm_client_buffer_vmap_local()\n\nThis function accidentally returns zero/success on the failure path.\nIt leads to locking issues and an uninitialized *map_copy in the\ncaller.",
"id": "GHSA-gfr5-cggc-pq3j",
"modified": "2025-09-29T15:30:29Z",
"published": "2024-08-17T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42275"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5fbf924f125ba3638cfdc21c0515eb7e76264ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0f412961653237f52e2f16ee8747fb330bcf074"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG9P-XJX9-Q4R7
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
{
"affected": [],
"aliases": [
"CVE-2018-14356"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-17T17:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
"id": "GHSA-gg9p-xjx9-q4r7",
"modified": "2022-05-13T01:26:29Z",
"published": "2022-05-13T01:26:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356"
},
{
"type": "WEB",
"url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"
},
{
"type": "WEB",
"url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
},
{
"type": "WEB",
"url": "https://neomutt.org/2018/07/16/release"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-07"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3719-3"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4277"
},
{
"type": "WEB",
"url": "http://www.mutt.org/news.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGPJ-5V2H-5JRP
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2023-10-12 21:30An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.
{
"affected": [],
"aliases": [
"CVE-2020-17469"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T23:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn\u0027t have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.",
"id": "GHSA-ggpj-5v2h-5jrp",
"modified": "2023-10-12T21:30:55Z",
"published": "2022-05-24T17:36:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17469"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
},
{
"type": "WEB",
"url": "http://fnet.sourceforge.net/manual/fnet_history.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.