CWE-170— Improper Null Termination
43 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-170page 1 of 1
- CVE-2019-11044LOWCVSS 3.7EG 7.52019-12-23
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in appl…
- CVE-2019-11045LOWCVSS 3.7EG 5.92019-12-23
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applica…
- CVE-2019-8275CRITICALCVSS 9.8EG 9.82019-03-08
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulne…
- CVE-2020-14323MEDIUMCVSS 5.5EG 5.52020-10-29
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
- CVE-2020-27736MEDIUMCVSS 6.5EG 6.52021-04-22
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (A…
- CVE-2020-7066MEDIUMCVSS 5.3EG 4.32020-04-01
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software…
- CVE-2021-1120HIGHCVSS 7.0EG 7.02021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin thro…
- CVE-2021-1411CRITICALCVSS 9.9EG 9.92021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-1417CRITICALCVSS 9.9EG 6.52021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-1418CRITICALCVSS 9.9EG 9.92021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-1469CRITICALCVSS 9.9EG 7.22021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-1471CRITICALCVSS 9.9EG 9.92021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-22931CRITICALCVSS 9.8EG 9.82021-08-16
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of w…
- CVE-2021-31884CRITICALCVSS 9.8EG 9.82021-11-09
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BA…
- CVE-2021-31886CRITICALCVSS 9.8EG 9.82021-11-09
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BA…
- CVE-2021-31887HIGHCVSS 8.8EG 8.82021-11-09
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BA…
- CVE-2021-31888HIGHCVSS 8.8EG 8.82021-11-09
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BA…
- CVE-2022-47515HIGHCVSS 7.5EG 7.52022-12-18
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.
- CVE-2023-24021HIGHCVSS 7.5EG 9.82023-01-20
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collect…
- CVE-2023-28263MEDIUMCVSS 5.5EG 5.52023-04-11
Visual Studio Information Disclosure Vulnerability
- CVE-2023-35321MEDIUMCVSS 6.5EG 6.52023-07-11
Windows Deployment Services Denial of Service Vulnerability
- CVE-2023-36906MEDIUMCVSS 5.5EG 5.52023-08-08
Windows Cryptographic Services Information Disclosure Vulnerability
- CVE-2023-36907MEDIUMCVSS 5.5EG 5.52023-08-08
Windows Cryptographic Services Information Disclosure Vulnerability
- CVE-2023-48674MEDIUMCVSS 6.8EG 6.82024-03-01
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
- CVE-2024-21442HIGHCVSS 7.8EG 7.82024-03-12
Windows USB Print Driver Elevation of Privilege Vulnerability
- CVE-2024-31197MEDIUMCVSS 5.3EG 5.32024-09-18
Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0.
- CVE-2024-31484HIGHCVSS 7.8EG 7.82024-05-14
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Et…
- CVE-2024-43474HIGHCVSS 7.6EG 7.62024-09-10
Microsoft SQL Server Information Disclosure Vulnerability
- CVE-2024-45288HIGHCVSS 8.4EG 8.42024-09-05
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
- CVE-2025-2026HIGHCVSS 7.1EG 0.02025-12-31
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and re…
- CVE-2025-61912MEDIUMCVSS 5.3EG 5.32025-10-10
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4…
- CVE-2025-62792HIGHCVSS 7.5EG 7.52025-10-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not b…
- CVE-2025-66220MEDIUMCVSS 5.0EG 5.02025-12-03
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null by…
- CVE-2025-67790HIGHCVSS 7.5EG 7.52025-12-17
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated str…
- CVE-2026-21488MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText:…
- CVE-2026-23749LOWCVSS 2.9EG 2.92026-02-26
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CON…
- CVE-2026-24852MEDIUMCVSS 6.1EG 6.12026-01-28
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen() function attempts to read a no…
- CVE-2026-33948MEDIUMCVSS 5.3EG 5.32026-04-14
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses st…
- CVE-2026-34032MEDIUMCVSS 5.3EG 5.32026-05-04
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
- CVE-2026-34462HIGHCVSS 7.8EG 7.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from …
- CVE-2026-34464HIGHCVSS 8.8EG 8.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer usin…
- CVE-2026-40334LOWCVSS 3.5EG 3.52026-04-18
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buff…
- CVE-2026-8721CRITICALCVSS 9.8EG 9.82026-05-17
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded.…
Map vulnerabilities like CWE-170 to your infrastructure
EchelonGraph correlates every CVE — across CWE-170 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →