CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

CVE-2026-42766

The CVE-2026-42766 entry documents a NULL pointer dereference in OpenSSL’s CMS decryption for password-based CMS messages. Specifically, PasswordRecipientInfo.keyDerivationAlgorithm is OPTIONAL and may be absent; OpenSSL’s CMS decryption dereferences this field without checking, triggering an app...

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

CVE-2026-42765

CVE-2026-42765 describes a NULL dereference in certificate verification when OCSP response checking is enabled together with partial-chain verification. The issue triggers a crash (Denial of Service) if the verified chain lacks a self-signed trusted anchor, because for the last certificate the is...

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

Windows Kerberos Denial of Service Vulnerability

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...

CVE-2026-11788 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

CVE-2026-11788

The vulnerability CVE-2026-11788 affects 389 Directory Server (389-ds-base) in the dereference control plugin BER parser. The root cause is that the plugin does not check for BER allocation failures before using structures, enabling a null pointer/dereference scenario that can crash the LDAP serv...

CVE-2026-11788 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

SUSE CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

SUSE CVE-2026-46310

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...

Adobe InDesign Desktop 代码问题漏洞

Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have code vulnerabilities. These vulnerabilities stem from null pointer dereferencing issues, which can lead to applicatio...

Adobe InDesign Desktop 代码问题漏洞

Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have code vulnerabilities. These vulnerabilities stem from null pointer dereferencing issues, which can lead to applicatio...

PT-2026-48141

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

OpenSSL 代码问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

OpenSSL 1.0.2 < 1.0.2zq Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2zq. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zq advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...

OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1zh. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1zh advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...

PT-2026-47834

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference occurs in the OpenSSL QUIC server when receiving a QUIC initial packet containing an invalid or expired token. This issue is triggered specifically when address...