Skip to main content

CWE-170

Improper Null Termination

36 CVEs Avg CVSS 7.0 MITRE
7
CRITICAL
14
HIGH
11
MEDIUM
4
LOW
6
POC
0
KEV

Monthly

CVE-2026-12386 LOW PATCH Monitor

Buffer overflow via improper null termination in Pardus Pen affects versions up to and including 4.1.5, with a fix available in 4.2.1. A local, low-privileged user who interacts with crafted input can trigger a CWE-170 null termination error causing out-of-bounds memory reads, resulting in limited confidentiality exposure and availability disruption. No public exploit code and no CISA KEV listing are associated with this CVE; the vulnerability was disclosed by TR-CERT (Turkey's national CERT) and carries a low CVSS base score of 3.9.

Buffer Overflow Pardus Pen
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2026-5067 CRITICAL Act Now

Remote code execution and denial of service in Zephyr RTOS HTTP server (versions 3.7.0 through 4.3.0) allow unauthenticated network attackers to corrupt stack memory by sending a crafted Sec-WebSocket-Key header during WebSocket upgrade. The flaw is a CWE-170 improper NUL-termination issue where a bounded copy fails to terminate the header buffer, causing strlen() and subsequent concatenation to read and write past stack bounds. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivially reachable attack surface make this a high-priority issue for any Zephyr deployment with CONFIG_HTTP_SERVER_WEBSOCKET enabled.

Denial Of Service Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-8721 CRITICAL Act Now

Silent password truncation in the Perl module Crypt::OpenSSL::PKCS12 versions up to and including 1.94 causes any password bytes at or after the first embedded NULL byte to be dropped without warning. The flaw stems from password parameters being declared as char* in PKCS12.xs, routing through Perl's default typemap to SvPV_nolen and discarding the Perl-known length before C strlen() truncates the buffer. The result is severe entropy loss for binary, KDF-derived, or HMAC-derived passwords used to protect PKCS12 keystores, with no public exploit identified at time of analysis.

OpenSSL Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34032 MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache Buffer Overflow Apache HTTP Server
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-40334 LOW Monitor

Missing null terminator in libgphoto2's ptp_unpack_Canon_FE() function allows out-of-bounds memory reads when processing Canon camera filenames. Versions up to 2.5.33 are vulnerable when a 13-byte filename without null termination is supplied, causing subsequent string operations to read beyond buffer boundaries. The vulnerability requires physical camera access and results in information disclosure or denial of service, not remote code execution.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-2239 LOW PATCH Monitor

GIMP's PSD file parser crashes when processing specially crafted Photoshop documents due to improper null-termination in the fread_pascal_string function, allowing local authenticated users to trigger a denial of service. The vulnerability affects GIMP across Red Hat Enterprise Linux 7, 8, and 9, as well as multiple Debian and Ubuntu releases tracked by their respective security teams. While the CVSS score is low (2.8), the widespread distribution across major Linux vendors and confirmed advisory issuance from Red Hat, Debian, and SUSE indicates this merits coordinated patching despite limited exploitability constraints.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2026-32837 MEDIUM PATCH This Month

Miniaudio versions 0.11.25 and earlier are vulnerable to a heap out-of-bounds read in the WAV BEXT metadata parser when processing specially crafted WAV files. An attacker can exploit improper null-termination handling in the coding history field to trigger memory access violations, causing application crashes or denial of service. No patch is currently available for affected Debian and Miniaudio distributions.

Buffer Overflow Denial Of Service Miniaudio
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-23749 LOW Monitor

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this bu...

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-66220 Go MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-31197 HIGH This Week

Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libfluid Msg
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 3.9
LOW PATCH Monitor

Buffer overflow via improper null termination in Pardus Pen affects versions up to and including 4.1.5, with a fix available in 4.2.1. A local, low-privileged user who interacts with crafted input can trigger a CWE-170 null termination error causing out-of-bounds memory reads, resulting in limited confidentiality exposure and availability disruption. No public exploit code and no CISA KEV listing are associated with this CVE; the vulnerability was disclosed by TR-CERT (Turkey's national CERT) and carries a low CVSS base score of 3.9.

Buffer Overflow Pardus Pen
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution and denial of service in Zephyr RTOS HTTP server (versions 3.7.0 through 4.3.0) allow unauthenticated network attackers to corrupt stack memory by sending a crafted Sec-WebSocket-Key header during WebSocket upgrade. The flaw is a CWE-170 improper NUL-termination issue where a bounded copy fails to terminate the header buffer, causing strlen() and subsequent concatenation to read and write past stack bounds. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivially reachable attack surface make this a high-priority issue for any Zephyr deployment with CONFIG_HTTP_SERVER_WEBSOCKET enabled.

Denial Of Service Buffer Overflow RCE +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Silent password truncation in the Perl module Crypt::OpenSSL::PKCS12 versions up to and including 1.94 causes any password bytes at or after the first embedded NULL byte to be dropped without warning. The flaw stems from password parameters being declared as char* in PKCS12.xs, routing through Perl's default typemap to SvPV_nolen and discarding the Perl-known length before C strlen() truncates the buffer. The result is severe entropy loss for binary, KDF-derived, or HMAC-derived passwords used to protect PKCS12 keystores, with no public exploit identified at time of analysis.

OpenSSL Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache +2
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Missing null terminator in libgphoto2's ptp_unpack_Canon_FE() function allows out-of-bounds memory reads when processing Canon camera filenames. Versions up to 2.5.33 are vulnerable when a 13-byte filename without null termination is supplied, causing subsequent string operations to read beyond buffer boundaries. The vulnerability requires physical camera access and results in information disclosure or denial of service, not remote code execution.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 2.8
LOW PATCH Monitor

GIMP's PSD file parser crashes when processing specially crafted Photoshop documents due to improper null-termination in the fread_pascal_string function, allowing local authenticated users to trigger a denial of service. The vulnerability affects GIMP across Red Hat Enterprise Linux 7, 8, and 9, as well as multiple Debian and Ubuntu releases tracked by their respective security teams. While the CVSS score is low (2.8), the widespread distribution across major Linux vendors and confirmed advisory issuance from Red Hat, Debian, and SUSE indicates this merits coordinated patching despite limited exploitability constraints.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 7 +2
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Miniaudio versions 0.11.25 and earlier are vulnerable to a heap out-of-bounds read in the WAV BEXT metadata parser when processing specially crafted WAV files. An attacker can exploit improper null-termination handling in the coding history field to trigger memory access violations, causing application crashes or denial of service. No patch is currently available for affected Debian and Miniaudio distributions.

Buffer Overflow Denial Of Service Miniaudio
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this bu...

Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libfluid Msg
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy