CWE-822 (Untrusted Pointer Dereference) describes a weakness type used in various vulnerability databases and assessments. See the sections below for its definition, background, and associated CVEs.

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

| Type | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Undetermined | — |
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |

These CVEs are mapped to this weakness in this database and are retained for tracking and search.

| CVE | Published | Summary |
|---|---|---|
| CVE-2026-8835 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive informati… |
| CVE-2025-62627 | 2026-05-13 | An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in… |
| CVE-2026-40369 | 2026-05-12 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40367 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-20738 | 2026-05-12 | Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adver… |
| CVE-2025-47408 | 2026-05-04 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. |
| CVE-2025-47405 | 2026-05-04 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. |
| CVE-2026-33120 | 2026-04-14 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2026-33114 | 2026-04-14 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-32222 | 2026-04-14 | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32077 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27920 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27919 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26161 | 2026-04-14 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-23670 | 2026-04-14 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. |
| CVE-2026-26113 | 2026-03-10 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-26112 | 2026-03-10 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2021-26410 | 2026-02-10 | Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the k… |
| CVE-2026-21250 | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21232 | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |

| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Description |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Related_Attack_Patterns, Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Research_Gaps |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Common_Consequences, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Functional_Areas |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, References, Time_of_Introduction, Weakness_Ordinalities |