CWE-822 · Untrusted Pointer Dereference

Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

CWE-822BaseIncomplete

Abstraction: Base

Status: Incomplete

Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Open in catalog with CWE filter →

Related CAPECs

Pointer Manipulation

Related vulnerabilities

CVE-2025-50165Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVE-2023-43518Memory corruption in video while parsing invalid mp2 clip.

CVE-2023-1437All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

CVE-2018-7497In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

CVE-2018-17893LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.

CVE-2018-14811Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

CVE-2018-12548In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.

CVE-2026-33120Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2025-62549Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-27060Memory corruption while performing SCM call with malformed inputs.

CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

CVE-2024-38104Windows Fax Service Remote Code Execution Vulnerability

CVE-2024-37340Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37339Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-36461Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.