CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-29RG-H6C8-H6XH
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
{
"affected": [],
"aliases": [
"CVE-2010-4576"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-22T01:00:00Z",
"severity": "MODERATE"
},
"details": "browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.",
"id": "GHSA-29rg-h6c8-h6xh",
"modified": "2022-05-13T01:24:59Z",
"published": "2022-05-13T01:24:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4576"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14161"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=63529"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42648"
},
{
"type": "WEB",
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=66620"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45390"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-29WP-Q2R7-4JQV
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:40JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2017-1000050"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-17T13:18:00Z",
"severity": "HIGH"
},
"details": "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.",
"id": "GHSA-29wp-q2r7-4jqv",
"modified": "2025-04-20T03:40:45Z",
"published": "2022-05-13T01:11:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000050"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3253"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3693-1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/03/06/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29X9-4344-PX4H
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar issue occurs when access msg[1].buf[0] and msg[1].buf[1].
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
{
"affected": [],
"aliases": [
"CVE-2025-38694"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n\nIn dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and\nmsg[0].len is zero, former checks on msg[0].buf would be passed. If accessing\nmsg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash. Similar issue occurs when access\nmsg[1].buf[0] and msg[1].buf[1].\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"id": "GHSA-29x9-4344-px4h",
"modified": "2026-05-12T15:31:00Z",
"published": "2025-09-05T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38694"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09906650484a09b3a4d4b3d3065395856810becd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0bb32863426afe0badac25c28d59021f211d0f48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19eb5d8e6aa1169d368a4d69aae5572950deb89d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/529fd5593b721e6f4370c591f5086649ed149ff6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0f744d6cdde81d7382e183f77a4080a39b206cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc07cae4f36bb18d5b6a9ed835c1278ca44ec82e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c33280d6bd668dbdc5a5f07887cc63a52ab4789c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce5cac69b2edac3e3246fee03e8f4c2a1075238b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce8b7c711b9c4f040b5419729d0972db8e374324"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29XX-HCV2-C4CP
Vulnerability from github – Published: 2023-02-08 22:23 – Updated: 2025-11-04 22:09An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-0216"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T22:23:39Z",
"nvd_published_at": "2023-02-08T20:15:00Z",
"severity": "HIGH"
},
"details": "An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the `d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions.\n\nThe result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.",
"id": "GHSA-29xx-hcv2-c4cp",
"modified": "2025-11-04T22:09:03Z",
"published": "2023-02-08T22:23:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions"
}
GHSA-2C46-3V56-P8MQ
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
{
"affected": [],
"aliases": [
"CVE-2011-1748"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-09T22:55:00Z",
"severity": "MODERATE"
},
"details": "The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.",
"id": "GHSA-2c46-3v56-p8mq",
"modified": "2022-05-13T01:24:48Z",
"published": "2022-05-13T01:24:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1748"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698057"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=10022a6c66e199d8f61d9044543f38785713cbbd"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/20/7"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/21/7"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/22/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/25/4"
},
{
"type": "WEB",
"url": "http://permalink.gmane.org/gmane.linux.network/192974"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47835"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2C4F-VGWR-82Q6
Vulnerability from github – Published: 2023-07-21 21:30 – Updated: 2024-04-04 06:18A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.
Given this code is not in any released versions, no security releases have been issued.
{
"affected": [],
"aliases": [
"CVE-2023-3603"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-21T20:15:16Z",
"severity": "MODERATE"
},
"details": "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user\u0027s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\n\nGiven this code is not in any released versions, no security releases have been issued.",
"id": "GHSA-2c4f-vgwr-82q6",
"modified": "2024-04-04T06:18:44Z",
"published": "2023-07-21T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3603"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3603"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2C7P-HJRR-CXQ7
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2025-04-20 03:37The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
{
"affected": [],
"aliases": [
"CVE-2017-8847"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-08T14:29:00Z",
"severity": "MODERATE"
},
"details": "The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.",
"id": "GHSA-2c7p-hjrr-cxq7",
"modified": "2025-04-20T03:37:20Z",
"published": "2022-05-13T01:26:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8847"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/67"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2C7R-JXV5-347C
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Add check for get_zeroed_page()
Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job.
{
"affected": [],
"aliases": [
"CVE-2025-37883"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Add check for get_zeroed_page()\n\nAdd check for the return value of get_zeroed_page() in\nsclp_console_init() to prevent null pointer dereference.\nFurthermore, to solve the memory leak caused by the loop\nallocation, add a free helper to do the free job.",
"id": "GHSA-2c7r-jxv5-347c",
"modified": "2025-11-12T21:31:03Z",
"published": "2025-05-09T09:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37883"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28e5a867aa542e369e211c2baba7044228809a99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/397254706eba9d8f99fd237feede7ab3169a7f9a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b3aa72636a6205933609ec274a8747720c1ee3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3db42c75a921854a99db0a2775814fef97415bac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1e00dc45648125ef7cb87ebc3b581ac224e7b39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f69f8a93aacf6e99af7b1cc992d8ca2cc07b96fb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2C9Q-JGX6-2QX7
Vulnerability from github – Published: 2024-04-23 09:30 – Updated: 2024-07-03 18:36QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.
{
"affected": [],
"aliases": [
"CVE-2023-48183"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T07:15:42Z",
"severity": "HIGH"
},
"details": "QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of \"this\" with eval.",
"id": "GHSA-2c9q-jgx6-2qx7",
"modified": "2024-07-03T18:36:36Z",
"published": "2024-04-23T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48183"
},
{
"type": "WEB",
"url": "https://github.com/bellard/quickjs/issues/192"
},
{
"type": "WEB",
"url": "https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2CFF-2PFQ-X5V9
Vulnerability from github – Published: 2022-05-14 01:20 – Updated: 2022-05-14 01:20poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
{
"affected": [],
"aliases": [
"CVE-2017-9083"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-19T16:29:00Z",
"severity": "MODERATE"
},
"details": "poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.",
"id": "GHSA-2cff-2pfq-x5v9",
"modified": "2022-05-14T01:20:24Z",
"published": "2022-05-14T01:20:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9083"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101084"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201801-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.