Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-HCH6-HFVX-H3MW

Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2024-12-24 06:30
VLAI
Details

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the

NVR

. An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-24T06:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the \n\nNVR\n\n.\u00a0An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.",
  "id": "GHSA-hch6-hfvx-h3mw",
  "modified": "2024-12-24T06:30:43Z",
  "published": "2024-12-24T06:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41883"
    },
    {
      "type": "WEB",
      "url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HCHJ-593H-JX3R

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-09-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

efi: fix panic in kdump kernel

Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot.

Tested with QEMU and OVMF firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T14:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware.",
  "id": "GHSA-hchj-593h-jx3r",
  "modified": "2025-09-19T18:31:16Z",
  "published": "2024-05-17T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35800"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCHP-9M8J-V8CP

Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2025-04-20 03:36
VLAI
Details

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-21T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.",
  "id": "GHSA-hchp-9m8j-v8cp",
  "modified": "2025-04-20T03:36:28Z",
  "published": "2022-05-14T01:19:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7994"
    },
    {
      "type": "WEB",
      "url": "https://github.com/icepng/PoC/tree/master/PoC1"
    },
    {
      "type": "WEB",
      "url": "https://icepng.github.io/2017/04/21/PoDoFo-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97980"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCR8-X92W-Q652

Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-17 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work

hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_uart_register_dev(), which calls proto->open() to initialize hu->priv. However, if a TTY write wakeup occurs during this window, hci_uart_tx_wakeup() may schedule write_work before hu->priv is initialized, leading to a NULL pointer dereference in hci_uart_write_work() when proto->dequeue() accesses hu->priv.

The race condition is:

CPU0 CPU1 ---- ---- hci_uart_set_proto() set_bit(HCI_UART_PROTO_INIT) hci_uart_register_dev() tty write wakeup hci_uart_tty_wakeup() hci_uart_tx_wakeup() schedule_work(&hu->write_work) proto->open(hu) // initializes hu->priv hci_uart_write_work() hci_uart_dequeue() proto->dequeue(hu) // accesses hu->priv (NULL!)

Fix this by moving set_bit(HCI_UART_PROTO_INIT) after proto->open() succeeds, ensuring hu->priv is initialized before any work can be scheduled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-14T16:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work\n\nhci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling\nhci_uart_register_dev(), which calls proto-\u003eopen() to initialize\nhu-\u003epriv. However, if a TTY write wakeup occurs during this window,\nhci_uart_tx_wakeup() may schedule write_work before hu-\u003epriv is\ninitialized, leading to a NULL pointer dereference in\nhci_uart_write_work() when proto-\u003edequeue() accesses hu-\u003epriv.\n\nThe race condition is:\n\n  CPU0                              CPU1\n  ----                              ----\n  hci_uart_set_proto()\n    set_bit(HCI_UART_PROTO_INIT)\n    hci_uart_register_dev()\n                                    tty write wakeup\n                                      hci_uart_tty_wakeup()\n                                        hci_uart_tx_wakeup()\n                                          schedule_work(\u0026hu-\u003ewrite_work)\n      proto-\u003eopen(hu)\n        // initializes hu-\u003epriv\n                                    hci_uart_write_work()\n                                      hci_uart_dequeue()\n                                        proto-\u003edequeue(hu)\n                                          // accesses hu-\u003epriv (NULL!)\n\nFix this by moving set_bit(HCI_UART_PROTO_INIT) after proto-\u003eopen()\nsucceeds, ensuring hu-\u003epriv is initialized before any work can be\nscheduled.",
  "id": "GHSA-hcr8-x92w-q652",
  "modified": "2026-03-17T21:31:41Z",
  "published": "2026-02-14T18:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23146"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03e8c90c62233382042b7bd0fa8b8900552fdb62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c3cd7a0b862c37acbee6d9502107146cc944398"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/186d147cf7689ba1f9b3ddb753ab634a84940cc9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53e54cb31e667fca05b1808b990eac0807d1dab0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/937a573423ce5a96fdb1fd425dc6b8d8d4ab5779"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0a900939e7e4866d9b90e9112514b72c451e873"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccc683f597ceb28deb966427ae948e5ac739a909"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCWH-JPM3-477R

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0686"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-06T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.",
  "id": "GHSA-hcwh-jpm3-477r",
  "modified": "2022-05-13T01:40:28Z",
  "published": "2022-05-13T01:40:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0686"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-07-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99478"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCXG-6FFH-5MQJ

Vulnerability from github – Published: 2022-05-14 01:44 – Updated: 2022-05-14 01:44
VLAI
Details

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An error within the \"leaf_hdr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.",
  "id": "GHSA-hcxg-6ffh-5mqj",
  "modified": "2022-05-14T01:44:33Z",
  "published": "2022-05-14T01:44:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5806"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/81000"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCXQ-V393-38JH

Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

trace_events_hist: add check for return value of 'create_hist_field'

Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntrace_events_hist: add check for return value of \u0027create_hist_field\u0027\n\nFunction \u0027create_hist_field\u0027 is called recursively at\ntrace_events_hist.c:1954 and can return NULL-value that\u0027s why we have\nto check it to avoid null pointer dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-hcxq-v393-38jh",
  "modified": "2025-04-14T21:32:23Z",
  "published": "2025-03-27T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53005"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31b2414abeaa6de0490e85164badc6dcb1bb8ec9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/592ba7116fa620425725ff0972691f352ba3caf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/886aa449235f478e262bbd5dcdee6ed6bc202949"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8b152e9150d07a885f95e1fd401fc81af202d9a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4e7e81b4fdfcf457daee6b7a61769f62198d840"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2d1ada58e7cc100b8d7d6b082d19321ba4a700a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HF37-CC25-65X2

Vulnerability from github – Published: 2022-12-21 18:30 – Updated: 2022-12-21 18:30
VLAI
Details

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A",
  "id": "GHSA-hf37-cc25-65x2",
  "modified": "2022-12-21T18:30:24Z",
  "published": "2022-12-21T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42527"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HF4V-9M67-RPRW

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Null pointer dereference in SuiteLink server while processing command 0x0b

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference in SuiteLink server while processing command 0x0b",
  "id": "GHSA-hf4v-9m67-rprw",
  "modified": "2022-05-24T19:15:33Z",
  "published": "2022-05-24T19:15:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32987"
    },
    {
      "type": "WEB",
      "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HF5C-HJGX-RMRW

Vulnerability from github – Published: 2024-04-16 18:31 – Updated: 2024-08-22 18:31
VLAI
Details

It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-16T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox \u003c 125.",
  "id": "GHSA-hf5c-hjgx-rmrw",
  "modified": "2024-08-22T18:31:19Z",
  "published": "2024-04-16T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3858"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888892"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.