GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

CVE-2026-44328

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

CVE-2026-44322

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

CVE-2026-44328 free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the DELETE handler in SMF unconditionally canceling the reference to UPF objects, which could lead to a null...

PT-2026-40269

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVE-2026-42183

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the provisioningOfTrafficRoutingInfo function when a POST request to the app-session creation endpoint includes suppFeat set to "1" and a medComponents entry with afAppId present b...

GHSA-WR8J-6CHW-GM6P free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Ensure that the descriptor has been set before checking maxpacket. This fixes a null pointer panic in this case. This issue may occur if the gadget does not properly set up the endpoi...

GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

Missing Default Case in Switch Statement

Overview Affected versions of this package are vulnerable to Missing Default Case in Switch Statement in the DataChangeNotification process due to a nil pointer dereference. An attacker can cause a panic and disrupt service availability by triggering this process with crafted input. Remediation...

CVE-2026-25501

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

CVE-2026-25501

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

PT-2026-6121

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

CVE-2023-54192

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null pointer panic in tracepoint in replaceatomicwriteblock We got a kernel panic if oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: kernel NULL pointer dereference, address: 0000000000000000 Cal...