Description
Query PR
Language
C/C++
CVE(s) ID list
Most results are not yet fixed nor disclosed... About half of the top 100 C projects have at least one report.
Some reports are kind of duplicates when there is a vendor dependency which is in multiple projects...
How should I go about it?
CWE
476
Report
1. The vulnerability is a NULL dereference.
2. A function may return NULL, and its return value is not checked before passing it to another function which dereferences it, also without checking it.
3. This query was inspired by a real bug, cf. OISF/suricata#11098
4. I first worked on the query on Suricata database, then I ran it on the top 100 C projects to refine it. I guess there are still a few false positives to address, when there is a disguised check against the pointer being NULL (like checking an integer representing a size greater than zero)
5. Most results seem to come from ignoring malloc or such return.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
- Yes
- No
Blog post link
No response
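
The pattern described in the report, as an added C illustration that is not part of the submission or of the query itself: an unchecked result reaching a dereferencing function, the explicitly checked form, and the "disguised" size check the report names as a remaining false positive. The names `copy_field`, `first_byte`, `unchecked`, `checked` and `disguised` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Source (hypothetical): NULL on empty input or failed malloc; *len is 0 exactly then. */
static char *copy_field(const char *src, size_t *len) {
    size_t n = src ? strlen(src) : 0;
    char *dst = n ? malloc(n + 1) : NULL;
    *len = dst ? n : 0;
    if (dst) memcpy(dst, src, n + 1);
    return dst;
}

/* Sink: dereferences its argument without checking it. */
static int first_byte(const char *p) { return (unsigned char)p[0]; }

/* The reported pattern: unchecked result passed straight to the sink. */
int unchecked(const char *src) {
    size_t len;
    char *f = copy_field(src, &len);
    int b = first_byte(f);   /* NULL dereference when copy_field returns NULL */
    free(f);
    return b;
}

/* Explicit NULL check before the sink. */
int checked(const char *src) {
    size_t len;
    char *f = copy_field(src, &len);
    if (f == NULL) return -1;
    int b = first_byte(f);
    free(f);
    return b;
}

/* Disguised check: len > 0 implies f != NULL, so the call is safe even
 * though f itself is never compared against NULL. */
int disguised(const char *src) {
    size_t len;
    char *f = copy_field(src, &len);
    if (len == 0) return -1;
    int b = first_byte(f);
    free(f);
    return b;
}

int main(void) {
    printf("%d %d %d\n", unchecked("A"), checked(""), disguised(""));
    return 0;
}
```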