Common Weakness Enumeration

CWE-824

Allowed

Access of Uninitialized Pointer

Abstraction: Base · Status: Incomplete

The product accesses or uses a pointer that has not been initialized.

451 vulnerabilities reference this CWE, most recent first.

GHSA-G2MM-3MXM-Q4WW

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-13T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.",
  "id": "GHSA-g2mm-3mxm-q4ww",
  "modified": "2022-05-13T01:18:44Z",
  "published": "2022-05-13T01:18:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000099"
    },
    {
      "type": "WEB",
      "url": "https://trac.pjsip.org/repos/milestone/release-2.7.2"
    },
    {
      "type": "WEB",
      "url": "https://trac.pjsip.org/repos/ticket/2092"
    },
    {
      "type": "WEB",
      "url": "https://trac.pjsip.org/repos/ticket/2094"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G5CG-643P-2M3G

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10
VLAI
Details

In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-15T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.",
  "id": "GHSA-g5cg-643p-2m3g",
  "modified": "2022-05-14T03:10:21Z",
  "published": "2022-05-14T03:10:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5860"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G68J-9RXJ-C36W

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-10-31 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mac80211: track only QoS data frames for admission control

For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header.

Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header.

Fix this to only do anything for QoS data packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: track only QoS data frames for admission control\n\nFor admission control, obviously all of that only works for\nQoS data frames, otherwise we cannot even access the QoS\nfield in the header.\n\nSyzbot reported (see below) an uninitialized value here due\nto a status of a non-QoS nullfunc packet, which isn\u0027t even\nlong enough to contain the QoS header.\n\nFix this to only do anything for QoS data packets.",
  "id": "GHSA-g68j-9rxj-c36w",
  "modified": "2024-10-31T15:30:58Z",
  "published": "2024-06-19T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47602"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G822-H382-CV3P

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00
VLAI
Details

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code",
  "id": "GHSA-g822-h382-cv3p",
  "modified": "2022-06-11T00:00:35Z",
  "published": "2022-06-03T00:01:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30540"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G96G-HXM2-7QVQ

Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2023-11-16 18:30
VLAI
Details

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-16T17:15:08Z",
    "severity": "LOW"
  },
  "details": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-g96g-hxm2-7qvq",
  "modified": "2023-11-16T18:30:31Z",
  "published": "2023-11-16T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47060"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9GF-4956-GQ9W

Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30
VLAI
Details

InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T22:15:25Z",
    "severity": "HIGH"
  },
  "details": "InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-g9gf-4956-gq9w",
  "modified": "2025-07-09T00:30:32Z",
  "published": "2025-07-09T00:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43592"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/indesign/apsb25-60.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCQH-FGCV-64WF

Vulnerability from github – Published: 2023-04-13 00:30 – Updated: 2023-04-13 00:30
VLAI
Details

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-12T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-gcqh-fgcv-64wf",
  "modified": "2023-04-13T00:30:49Z",
  "published": "2023-04-13T00:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26386"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFR5-CGGC-PQ3J

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-09-29 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/client: Fix error code in drm_client_buffer_vmap_local()

This function accidentally returns zero/success on the failure path. It leads to locking issues and an uninitialized *map_copy in the caller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix error code in drm_client_buffer_vmap_local()\n\nThis function accidentally returns zero/success on the failure path.\nIt leads to locking issues and an uninitialized *map_copy in the\ncaller.",
  "id": "GHSA-gfr5-cggc-pq3j",
  "modified": "2025-09-29T15:30:29Z",
  "published": "2024-08-17T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42275"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5fbf924f125ba3638cfdc21c0515eb7e76264ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0f412961653237f52e2f16ee8747fb330bcf074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GG9P-XJX9-Q4R7

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-17T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
  "id": "GHSA-gg9p-xjx9-q4r7",
  "modified": "2022-05-13T01:26:29Z",
  "published": "2022-05-13T01:26:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://neomutt.org/2018/07/16/release"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-07"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3719-3"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4277"
    },
    {
      "type": "WEB",
      "url": "http://www.mutt.org/news.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GGPJ-5V2H-5JRP

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2023-10-12 21:30
VLAI
Details

An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-17469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn\u0027t have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.",
  "id": "GHSA-ggpj-5v2h-5jrp",
  "modified": "2023-10-12T21:30:55Z",
  "published": "2022-05-24T17:36:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17469"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/815128"
    },
    {
      "type": "WEB",
      "url": "http://fnet.sourceforge.net/manual/fnet_history.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.