CVE-2026-1990
Null Pointer Dereference in oatpp ObjectWrapper Function
Publication date: 2026-02-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oatpp | oatpp | to 1.3.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1990 is a null pointer dereference vulnerability in the oatpp library, specifically affecting the copy constructor of the template class oatpp::data::type::ObjectWrapper when copying an oatpp::String object.
The vulnerability occurs because the source oatpp::String object being copied is in an invalid or corrupted state, possibly due to malformed JSON input or a null pointer cast. This causes the std::shared_ptr mechanism inside ObjectWrapper to attempt to increment the reference count of a NULL control block pointer, leading to a segmentation fault (crash) due to a read memory access violation.
Exploitation requires local access and involves triggering the fault by providing corrupted input that causes the invalid state in the oatpp::String object.
How can this vulnerability impact me? :
This vulnerability can cause the affected application to crash or exit unexpectedly due to a segmentation fault caused by a null pointer dereference.
The impact is primarily on availability, as the application becomes unavailable when the fault is triggered.
Since exploitation requires local access, remote attackers cannot exploit this vulnerability directly, but local users or processes with access could trigger the crash.
No patches or mitigations are currently available, and the maintainers have not responded to the issue, so affected users are advised to consider replacing oatpp with an alternative.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability manifests as a segmentation fault caused by a NULL pointer dereference in the oatpp library when copying an invalid or corrupted oatpp::String object. Detection involves monitoring for application crashes or segmentation faults related to the oatpp::data::type::ObjectWrapper copy constructor.'}, {'type': 'paragraph', 'content': 'One way to detect the issue is to run the application with AddressSanitizer (ASAN) enabled, which can catch the NULL pointer dereference and provide detailed reports including stack traces pointing to src/oatpp/data/type/Type.hpp line 172.'}, {'type': 'paragraph', 'content': 'A practical detection method is to reproduce the fault by feeding malformed JSON input that corrupts the oatpp::String object, such as the proof-of-concept JSON: {"title":"Test","tags":["a","b"],"children":[null{"name":"child1","id":1}]}'}, {'type': 'paragraph', 'content': 'Suggested commands include running the oatpp application or test harness with ASAN enabled and providing the malformed JSON input to trigger and observe the segmentation fault.'}] [1, 4]
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no patches or official mitigations available for this vulnerability as the oatpp project has not responded to the issue report.
Immediate mitigation steps include restricting local access to the affected systems since the attack requires local access.
Consider avoiding processing untrusted or malformed JSON inputs that could corrupt oatpp::String objects.
As a longer-term mitigation, it is suggested to consider replacing oatpp with an alternative library or framework that does not have this vulnerability.