Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
Analysis
In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
Technical ContextAI
A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL.
RemediationAI
Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | DNE | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
Bug #1108798| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 5.0.1-2+deb11u1 | - |
| bullseye (security) | fixed | 5.0.1-2+deb11u1 | - |
| bookworm, bookworm (security) | fixed | 5.8.0-1+deb12u1 | - |
| trixie | fixed | 5.12.1-2 | - |
| forky, sid | fixed | 5.12.4-1 | - |
| bookworm | fixed | 5.8.0-1+deb12u1 | - |
| (unstable) | fixed | 5.12.1-2 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20097