Vulnerabilities > CVE-2018-3841 - NULL Pointer Dereference vulnerability in Pixar Renderman 21.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pixar

CWE-476

NVD

Published: 2018-06-26

Updated: 2023-02-04

Summary

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.

Vulnerable Configurations

Part	Description	Count
Application	Pixar Pixar Renderman 21.6	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Talos

id	TALOS-2018-0524
last seen	2019-05-29
published	2018-06-14
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0524
title	Pixar Renderman IT Display Service 0x69 Command Denial-of-Service Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0524