Skip to main content

Ncmdump EUVDEUVD-2026-14700

| CVE-2026-4743 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-24 GovTech CSG GHSA-695c-rc34-8h4v
5.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.2 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
N

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 03:30 euvd
EUVD-2026-14700
Analysis Generated
Mar 24, 2026 - 03:30 vuln.today
Patch released
Mar 24, 2026 - 03:30 nvd
Patch available
CVE Published
Mar 24, 2026 - 03:25 nvd
MEDIUM 5.2

DescriptionCVE.org

NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This vulnerability is associated with program files cJSON.Cpp‎.

This issue affects ncmdump: before 1.4.0.

AnalysisAI

ncmdump versions before 1.4.0 contain a null pointer dereference vulnerability in the cJSON.cpp module that allows local attackers to cause a denial of service through application crash. An attacker with local access and user interaction can trigger this vulnerability to disable the affected ncmdump utility. A patch is available for affected users.

Technical ContextAI

The vulnerability is rooted in CWE-476 (Null Pointer Dereference), a memory safety defect where the application attempts to dereference a null pointer without proper validation. The affected component is cJSON.cpp, which is a JSON parsing library commonly used in C/C++ applications. The ncmdump utility, as identified via CPE cpe:2.3:a:taurusxin:ncmdump:*:*:*:*:*:*:*:*, is a command-line tool that likely processes JSON structures during its normal operation. When the cJSON library fails to properly initialize or validate pointer values before dereferencing them—particularly when handling malformed or unexpected JSON input—the null pointer dereference occurs in the src/utils modules, leading to an application crash.

RemediationAI

Upgrade taurusxin ncmdump to version 1.4.0 or later, which includes the patch available at https://github.com/taurusxin/ncmdump/pull/52. For organizations unable to immediately upgrade, implement input validation and sanitization checks prior to passing JSON data to ncmdump, and restrict network access to the application to trusted sources only. If ncmdump processes files from external sources, enforce file type validation and consider running the application in a sandboxed environment with resource limits to minimize the impact of a denial of service condition.

Share

EUVD-2026-14700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy