CWE-822(Untrusted Pointer Dereference)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Undetermined | — |
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2026-15029 | 2026-07-14 | Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and w… |
| CVE-2026-48340 | 2026-07-14 | Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact… |
| CVE-2026-55138 | 2026-07-14 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| CVE-2026-55136 | 2026-07-14 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-50479 | 2026-07-14 | Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-50441 | 2026-07-14 | Untrusted pointer dereference in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-50424 | 2026-07-14 | Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network. |
| CVE-2026-50382 | 2026-07-14 | Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally. |
| CVE-2026-50367 | 2026-07-14 | Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-48580 | 2026-07-14 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| CVE-2026-58596 | 2026-07-12 | Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-48137 | 2026-06-19 | There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remot… |
| CVE-2026-45645 | 2026-06-09 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-45643 | 2026-06-09 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-45471 | 2026-06-09 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-44805 | 2026-06-09 | Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally. |
| CVE-2026-8835 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive informati… |
| CVE-2025-62627 | 2026-05-13 | An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in… |
| CVE-2026-40369 | 2026-05-12 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40367 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Description |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Related_Attack_Patterns, Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Research_Gaps |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Common_Consequences, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Functional_Areas |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, References, Time_of_Introduction, Weakness_Ordinalities |