CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-26FX-C7CW-5JH4
Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2024-04-04 04:24A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
{
"affected": [],
"aliases": [
"CVE-2023-2953"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-30T22:15:10Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.",
"id": "GHSA-26fx-c7cw-5jh4",
"modified": "2024-04-04T04:24:03Z",
"published": "2023-05-31T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-2953"
},
{
"type": "WEB",
"url": "https://bugs.openldap.org/show_bug.cgi?id=9904"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230703-0005"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213843"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213844"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213845"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/47"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/48"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26HV-67M6-QJFF
Vulnerability from github – Published: 2025-07-07 03:30 – Updated: 2025-07-07 03:30Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
{
"affected": [],
"aliases": [
"CVE-2025-53179"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-07T03:15:29Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference vulnerability in the PDF preview module\nImpact: Successful exploitation of this vulnerability may affect function stability.",
"id": "GHSA-26hv-67m6-qjff",
"modified": "2025-07-07T03:30:23Z",
"published": "2025-07-07T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53179"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26PQ-6HF6-MH32
Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 18:30In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.
{
"affected": [],
"aliases": [
"CVE-2025-20673"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T03:15:24Z",
"severity": "MODERATE"
},
"details": "In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.",
"id": "GHSA-26pq-6hf6-mh32",
"modified": "2025-06-02T18:30:42Z",
"published": "2025-06-02T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20673"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/June-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26RG-MQ58-RXVM
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.
{
"affected": [],
"aliases": [
"CVE-2020-29571"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn\u0027t protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.",
"id": "GHSA-26rg-mq58-rxvm",
"modified": "2022-05-24T17:36:34Z",
"published": "2022-05-24T17:36:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29571"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4812"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-359.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-26X4-V2C2-Q7RX
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
{
"affected": [],
"aliases": [
"CVE-2016-10025"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-26T15:59:00Z",
"severity": "MODERATE"
},
"details": "VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.",
"id": "GHSA-26x4-v2c2-q7rx",
"modified": "2022-05-17T03:02:39Z",
"published": "2022-05-17T03:02:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10025"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX219378"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95026"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037518"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-203.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-273C-F2CX-C649
Vulnerability from github – Published: 2024-03-15 21:30 – Updated: 2025-02-27 03:33In the Linux kernel, the following vulnerability has been resolved:
efi/fdt: fix panic when no valid fdt found
setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc-v.
{
"affected": [],
"aliases": [
"CVE-2021-47134"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-15T21:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/fdt: fix panic when no valid fdt found\n\nsetup_arch() would invoke efi_init()-\u003eefi_get_fdt_params(). If no\nvalid fdt found then initial_boot_params will be null. So we\nshould stop further fdt processing here. I encountered this\nissue on risc-v.",
"id": "GHSA-273c-f2cx-c649",
"modified": "2025-02-27T03:33:55Z",
"published": "2024-03-15T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47134"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5148066edbdc89c6fe5bc419c31a5c22e5f83bdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/668a84c1bfb2b3fd5a10847825a854d63fac7baa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a7e8b4e5631a03ea2fee27957857a56612108ca"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-273P-M2CW-6833
Vulnerability from github – Published: 2026-01-22 18:41 – Updated: 2026-01-23 15:46Summary
Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload.
Impact
A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.
Patches
Upgrade to v1.5.0
Workarounds
None
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/rekor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23831"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-22T18:41:23Z",
"nvd_published_at": "2026-01-22T22:16:19Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nRekor\u2019s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty `spec.message`. `validate()` returns nil (success) when `message` is empty, leaving `sign1Msg` uninitialized, and `Canonicalize()` later dereferences `v.sign1Msg.Payload`.\n\n## Impact\n\nA malformed proposed entry of the `cose/v0.0.1` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.\n\n## Patches\n\nUpgrade to v1.5.0\n\n## Workarounds\n\nNone",
"id": "GHSA-273p-m2cw-6833",
"modified": "2026-01-23T15:46:17Z",
"published": "2026-01-22T18:41:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-273p-m2cw-6833"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23831"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/rekor/commit/39bae3d192bce48ef4ef2cbd1788fb5770fee8cd"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/rekor"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/rekor/releases/tag/v1.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Rekor\u0027s COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message"
}
GHSA-274J-J2JX-H7HF
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39523"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-274j-j2jx-h7hf",
"modified": "2022-05-24T19:15:10Z",
"published": "2022-05-24T19:15:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39523"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/251"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2767-G28H-69JV
Vulnerability from github – Published: 2025-01-21 12:30 – Updated: 2025-02-03 15:32In the Linux kernel, the following vulnerability has been resolved:
fgraph: Add READ_ONCE() when accessing fgraph_array[]
In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward.
However, if the compiler reloads fgraph_array[] after this check, it might race with an update to fgraph_array[] that introduces a fgraph_stub. This could result in the stub being processed, but the stub contains a null "func_hash" field, leading to a NULL pointer dereference.
To ensure that the gops compared against the fgraph_stub matches the gops processed later, add a READ_ONCE(). A similar patch appears in commit 63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").
{
"affected": [],
"aliases": [
"CVE-2024-57934"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T12:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfgraph: Add READ_ONCE() when accessing fgraph_array[]\n\nIn __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]\nelements, which are fgraph_ops. The loop checks if an element is a\nfgraph_stub to prevent using a fgraph_stub afterward.\n\nHowever, if the compiler reloads fgraph_array[] after this check, it might\nrace with an update to fgraph_array[] that introduces a fgraph_stub. This\ncould result in the stub being processed, but the stub contains a null\n\"func_hash\" field, leading to a NULL pointer dereference.\n\nTo ensure that the gops compared against the fgraph_stub matches the gops\nprocessed later, add a READ_ONCE(). A similar patch appears in commit\n63a8dfb (\"function_graph: Add READ_ONCE() when accessing fgraph_array[]\").",
"id": "GHSA-2767-g28h-69jv",
"modified": "2025-02-03T15:32:01Z",
"published": "2025-01-21T12:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57934"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b68b2a3fbacc7be720ef589d489bcacdd05c6d38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d65474033740ded0a4fe9a097fce72328655b41d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2778-CFX6-G2XP
Vulnerability from github – Published: 2023-04-19 21:30 – Updated: 2024-04-04 03:35Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11
{
"affected": [],
"aliases": [
"CVE-2023-1587"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-19T19:15:07Z",
"severity": "MODERATE"
},
"details": "Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11",
"id": "GHSA-2778-cfx6-g2xp",
"modified": "2024-04-04T03:35:22Z",
"published": "2023-04-19T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1587"
},
{
"type": "WEB",
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.