Skip to content

Possible vulnerability in C extensions: missing arguments and redundant null pointers

Low
alexlancaster published GHSA-p4m5-32pr-2hqr Feb 25, 2024

Package

pip pypop-genomics (pip)

Affected versions

<1.0.2

Patched versions

1.0.2

Description

Impact

Code scanning revealed possible vulnerability in C extensions for PyPop: incorrect function calls (missing arguments or wrongly typed arguments) and redundant null pointers.

Patches

The problem has been patched and fixed in the latest release of PyPop: 1.0.2. Please upgrade your PyPop installation via:

pip install -U pypop-genomics

Workarounds

No. Upgrade to the latest package: 1.0.2.

References

N/A

Severity

Low

CVE ID

No known CVE

Weaknesses

Failure to Handle Missing Parameter

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well. Learn more on MITRE.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Learn more on MITRE.

Function Call With Incorrect Argument Type

The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. Learn more on MITRE.