There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service.
Tag: NULL Pointer Dereference
ASA-2019-00540 – Asterisk: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk.
ASA-2019-00517 – Apache HTTP Server: Stack buffer overflow and NULL pointer dereference in mod_remoteip
When mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
ASA-2019-00499 – Wind River VxWorks: Denial of Service (DoS) via NULL dereference in IGMP parsing
This vulnerability require that the TCP/IP-stack is assigned a multicast address the API intended for assigning unicast addresses or something with the same logical flaw is a prerequisite. This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way, i.e., using the API intended for assigning unicast addresses. It is not possible to exploit for multicast addresses added with the proper API, i.e., setsockopt(). An attacker may use CVE-2019-12264 to incorrectly assign a multicast IP address. An attacker on the same LAN as the victim system may use this vulnerability to cause a NULL pointer dereference, which most likely will crash the tNet0 task.
ASA-2019-00364 – Samba: A user with read access to the directory can cause a NULL pointer dereference using the paged search control
A user with read access to the LDAP server can crash the LDAP server process. Depending on the Samba version and the choice of process model, this may crash only the user's own connection.
ASA-2019-00363 – Samba: AD DC Denial of Service in DNS management server (dnsserver)
The (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. An authenticated user can crash the RPC server process via a NULL pointer de-reference.
ASA-2019-00351 – Mozilla Thunderbird: Heap-based buffer overflow in icalmemory_strdup_and_dequote()
A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system.
ASA-2019-00269 – FreeBSD: Authenticated denial of service in ntpd
A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization.