Skip to main content

CWE-626

Null Byte Interaction Error (Poison Null Byte)

3 CVEs Avg CVSS 8.0 MITRE
2
CRITICAL
0
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-42010 CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-10773 MEDIUM PATCH This Month

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-11936 CRITICAL PATCH Act Now

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images +2
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy