Description
NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp.

This issue affects ncmdump: before 1.4.0.
Published: 2026-03-24
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Null Pointer Dereference
Action: Patch Now
AI Analysis

Impact

A null pointer dereference was found in the utilities of the open‑source ncmdump tool, specifically in the module that handles JSON parsing with cJSON.Cpp. When malformed or specially crafted input reaches this module, the program attempts to read through a null pointer, causing it to crash. The flaw can lead to a denial of service for users relying on ncmdump but does not provide any code execution or data exfiltration capability. The weakness is classified as CWE‑476.

Affected Systems

The vendor is taurusxin, and the affected product is the ncmdump utility. All releases of ncmdump prior to version 1.4.0 contain the vulnerable code path. The tool is often used by network analysts and automation scripts to decode packet capture data, so any deployment that routinely processes external data could be impacted.

Risk and Exploitability

The CVSS score is 5.2, indicating a moderate severity. No EPSS score is published and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation data. An attacker would need to run the ncmdump binary and supply crafted input that triggers the unsafe JSON parsing; therefore the attack vector is local or requires the tool to process untrusted packets. While it cannot enable remote code execution, repeated crashes could disrupt automated workflows or deny service to users.

Generated by OpenCVE AI on March 24, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to ncmdump 1.4.0 or newer.
  • If an upgrade is not possible, ensure that untrusted or malformed packet data is not processed by the existing installation.
  • Keep monitoring the ncmdump GitHub repository for further patches or release notes.
  • Consider switching to an alternative packet decoding utility until the vulnerability is resolved.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Taurusxin; Taurusxin ncmdump
Vendors & Products | | Taurusxin; Taurusxin ncmdump

Tue, 24 Mar 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0.
Title | | Null-Pointer Dereference Vulnerability in taurusxin/ncmdump
Weaknesses | | CWE-476
References | |
Metrics | | cvssV4_0 {'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:33:16.182Z

Reserved: 2026-03-24T03:24:40.510Z

Link: CVE-2026-4743

Vulnrichment

Updated: 2026-03-24T14:33:12.513Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T04:17:31.497

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:16Z

Weaknesses