Vulnerabilities > CVE-2021-32285 - NULL Pointer Dereference vulnerability in Creolabs Gravity

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

creolabs

CWE-476

NVD

Published: 2021-09-20

Updated: 2021-10-02

Summary

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.

Vulnerable Configurations

Part	Description	Count
Application	Creolabs Creolabs Gravity 0.2.8 Creolabs Gravity 0.3.0 Creolabs Gravity 0.3.5 Creolabs Gravity 0.3.6 Creolabs Gravity 0.3.7 Creolabs Gravity 0.3.8 Creolabs Gravity 0.4.0 Creolabs Gravity 0.4.1 Creolabs Gravity 0.4.2 Creolabs Gravity 0.4.3 Creolabs Gravity 0.4.4 Creolabs Gravity 0.4.5 Creolabs Gravity 0.4.7 Creolabs Gravity 0.4.8 Creolabs Gravity 0.4.9 Creolabs Gravity 0.5.0 Creolabs Gravity 0.5.1 Creolabs Gravity 0.5.4 Creolabs Gravity 0.5.5 Creolabs Gravity 0.5.6 Creolabs Gravity 0.5.8 Creolabs Gravity 0.5.9 Creolabs Gravity 0.6.0 Creolabs Gravity 0.6.1 Creolabs Gravity 0.6.3 Creolabs Gravity 0.6.4 Creolabs Gravity 0.6.5 Creolabs Gravity 0.6.6 Creolabs Gravity 0.6.7 Creolabs Gravity 0.6.9 Creolabs Gravity 0.7.0	31

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/marcobambini/gravity/issues/319