CVEbaza.plSłownik CWECWE-822
Common Weakness Enumeration

CWE-822

Untrusted Pointer Dereference

Kategoria: BaseCVE: 201
Opis

Produkt uzyskuje wartość z niezaufanego źródła, konwertuje ją na wskaźnik i następnie dereferencuje wynikowy wskaźnik. Może to prowadzić do odczytania lub modyfikacji pamięci pod arbitralnym adresem, stanowiąc zagrożenie bezpieczeństwa.

Description (EN)

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Podatności CVE z CWE-822 (201)
9.8
CVSS
CRITICAL
CVE-2025-50165

Krytyczna podatność w komponencie graficznym systemu Windows umożliwia nieuwierzytelnionemu atakującemu zdalne wykonanie kodu (RCE) przez sieć. Brak wymagań dotyczących uprawnień lub interakcji użytkownika czyni tę podatność szczególnie niebezpieczną.

pub. 2025-08-12
9.8
CVSS
CRITICAL
CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

pub. 2023-08-02
9.8
CVSS
CRITICAL
CVE-2018-12548

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

pub. 2019-01-31
9.8
CVSS
CRITICAL
CVE-2018-17893

LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.

pub. 2018-10-17
9.8
CVSS
CRITICAL
CVE-2018-14811

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

pub. 2018-09-26
9.8
CVSS
CRITICAL
CVE-2018-7497

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

pub. 2018-05-15
9.3
CVSS
CRITICAL
CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.

pub. 2026-06-19
9.1
CVSS
CRITICAL
CVE-2024-36461

Podatność w platformie Zabbix umożliwia zalogowanym użytkownikom bezpośrednią modyfikację wskaźników pamięci w wbudowanym silniku JavaScript. Luka klasyfikowana jest jako krytyczna (CVSS 9.1) i może prowadzić do poważnych konsekwencji dla integralności, poufności oraz dostępności systemu.

pub. 2024-08-12
9.1
CVSS
CRITICAL
CVE-2023-21643

Memory corruption due to untrusted pointer dereference in automotive during system call.

pub. 2023-08-08
8.8
CVSS
HIGH
CVE-2026-33120

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

pub. 2026-04-14
8.8
CVSS
HIGH
CVE-2025-62549

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

pub. 2025-12-09
8.8
CVSS
HIGH
CVE-2025-27060

Memory corruption while performing SCM call with malformed inputs.

pub. 2025-10-09
8.8
CVSS
HIGH
CVE-2024-43624

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

pub. 2024-11-12
8.8
CVSS
HIGH
CVE-2024-37339

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

pub. 2024-09-10
8.8
CVSS
HIGH
CVE-2024-37340

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

pub. 2024-09-10
8.8
CVSS
HIGH
CVE-2024-38104

Windows Fax Service Remote Code Execution Vulnerability

pub. 2024-07-09
8.8
CVSS
HIGH
CVE-2023-0184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

pub. 2023-04-22
8.8
CVSS
HIGH
CVE-2023-0189

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

pub. 2023-04-01
8.8
CVSS
HIGH
CVE-2022-34890

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653.

pub. 2022-07-18
8.8
CVSS
HIGH
CVE-2020-27259

The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.

pub. 2021-02-09
Pokazano 20 z 201 podatności
Informacje
ID: CWE-822
Typ: Base
Podatności: 201
MITRE CWE ↗
← Słownik CWE
CWE-822 — Dereferencja niezaufanego wskaźnika | Słownik CWE | CVEbaza.pl