VDB
GCVE-110-NCSC-2025-382
GCVE-110-NCSC-2025-382
Advisory PublishedCVSS 5.3/10
A NULL pointer dereference vulnerability in SQLite 3.31.1 can cause out-of-memory errors during INTERSECT query processing, potentially leading to Denial of Service attacks in affected NetApp products.
Weaknesses (CWE)
CWE-271Privilege Dropping / Lowering ErrorsCWE-20Improper Input ValidationCWE-400Uncontrolled Resource ConsumptionCWE-358Improperly Implemented Security Check for StandardCWE-787Out-of-bounds WriteCWE-126Buffer Over-readCWE-476NULL Pointer DereferenceCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-770Allocation of Resources Without Limits or ThrottlingCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-863Incorrect AuthorizationCWE-203Observable DiscrepancyCWE-416Use After FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-862Missing AuthorizationCWE-909Missing Initialization of ResourceCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-212Improper Removal of Sensitive Information Before Storage or TransferCWE-681Incorrect Conversion between Numeric TypesCWE-667Improper LockingCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-763Release of Invalid Pointer or ReferenceCWE-129Improper Validation of Array IndexCWE-415Double FreeCWE-141Improper Neutralization of Parameter/Argument DelimitersCWE-319Cleartext Transmission of Sensitive InformationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-294Authentication Bypass by Capture-replayCWE-306Missing Authentication for Critical FunctionCWE-287Improper AuthenticationCWE-276Incorrect Default PermissionsCWE-347Improper Verification of Cryptographic SignatureCWE-311Missing Encryption of Sensitive DataCWE-125Out-of-bounds ReadCWE-384Session FixationCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-414Missing Lock CheckCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-303Incorrect Implementation of Authentication AlgorithmCWE-440Expected Behavior ViolationCWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-121Stack-based Buffer OverflowCWE-352Cross-Site Request Forgery (CSRF)CWE-732Incorrect Permission Assignment for Critical ResourceCWE-201Insertion of Sensitive Information Into Sent DataCWE-1333Inefficient Regular Expression ComplexityCWE-502Deserialization of Untrusted DataCWE-1287Improper Validation of Specified Type of InputCWE-407Inefficient Algorithmic ComplexityCWE-268Privilege ChainingCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-340Generation of Predictable Numbers or IdentifiersCWE-295Improper Certificate ValidationCWE-204Observable Response DiscrepancyCWE-940Improper Verification of Source of a Communication ChannelCWE-285Improper AuthorizationCWE-798Use of Hard-coded CredentialsCWE-284Improper Access ControlCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-122Heap-based Buffer Overflow
Risk Scores
CVSS 3.0
5.3/10
Medium · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Siemens | vers:unknown/* | — | — |
Aliases
CVE-2018-1000876CVE-2018-12934CVE-2018-7169CVE-2018-9234CVE-2019-12900CVE-2019-14866CVE-2019-9893CVE-2020-12762CVE-2020-21047CVE-2020-22217CVE-2020-35525CVE-2021-35550CVE-2021-35556CVE-2021-35559CVE-2021-35561CVE-2021-35564CVE-2021-35565CVE-2021-35567CVE-2021-35578CVE-2021-35586CVE-2021-35588CVE-2021-35603CVE-2021-36084CVE-2021-36085CVE-2021-36086CVE-2021-36087CVE-2021-38185CVE-2021-47358CVE-2021-47361CVE-2022-0435CVE-2022-0492CVE-2022-0847CVE-2022-0850CVE-2022-1353CVE-2022-1734CVE-2022-20141CVE-2022-23039CVE-2022-23040CVE-2022-24958CVE-2022-2639CVE-2022-27223CVE-2022-28390CVE-2022-2964CVE-2022-29872CVE-2022-29873CVE-2022-29874CVE-2022-29876CVE-2022-29878CVE-2022-29879CVE-2022-29880CVE-2022-29881CVE-2022-29882CVE-2022-29883CVE-2022-30594CVE-2022-31807CVE-2022-3424CVE-2022-34903CVE-2022-36123CVE-2022-37032CVE-2022-37434CVE-2022-40226CVE-2022-41665CVE-2022-41858CVE-2022-43439CVE-2022-48624CVE-2022-48626CVE-2022-48919CVE-2022-48926CVE-2022-48948CVE-2022-48951CVE-2022-48960CVE-2022-48962CVE-2022-48966CVE-2022-48967CVE-2022-49058CVE-2023-27043CVE-2023-28322CVE-2023-29383CVE-2023-29491CVE-2023-30901CVE-2023-31238CVE-2023-41358CVE-2023-46218CVE-2023-4641CVE-2023-46753CVE-2023-47234CVE-2024-0397CVE-2024-11053CVE-2024-11168CVE-2024-12133CVE-2024-12243CVE-2024-28085CVE-2024-32487CVE-2024-47875CVE-2024-50602CVE-2024-52533CVE-2024-5642CVE-2024-56835CVE-2024-56836CVE-2024-56837CVE-2024-56838CVE-2024-56839CVE-2024-56840CVE-2024-6232CVE-2024-6923CVE-2024-7592CVE-2025-0938CVE-2025-10148CVE-2025-2783CVE-2025-40800CVE-2025-40801CVE-2025-40806CVE-2025-40807CVE-2025-40818CVE-2025-40819CVE-2025-40820CVE-2025-40830CVE-2025-40831CVE-2025-40935CVE-2025-40938CVE-2025-40939CVE-2025-40940CVE-2025-40941CVE-2025-59392
References
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.