CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-HV87-379M-CRRP
Vulnerability from github – Published: 2024-12-07 00:31 – Updated: 2024-12-12 03:33Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().
{
"affected": [],
"aliases": [
"CVE-2024-44856"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-06T22:15:21Z",
"severity": "HIGH"
},
"details": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().",
"id": "GHSA-hv87-379m-crrp",
"modified": "2024-12-12T03:33:00Z",
"published": "2024-12-07T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44856"
},
{
"type": "WEB",
"url": "https://github.com/ros-navigation/navigation2/issues/4468"
},
{
"type": "WEB",
"url": "https://github.com/ros-navigation/navigation2/pull/4463"
},
{
"type": "WEB",
"url": "https://github.com/GoesM/ROS-CVE-CNVDs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HV9J-GPHM-3PPH
Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2016-9443"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-12T02:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
"id": "GHSA-hv9j-gphm-3pph",
"modified": "2022-05-17T02:36:43Z",
"published": "2022-05-17T02:36:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9443"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/issues/28"
},
{
"type": "WEB",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-08"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HV9Q-CH73-572P
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-12 21:31In the Linux kernel, the following vulnerability has been resolved:
fs/buffer: add alert in try_to_free_buffers() for folios without buffers
try_to_free_buffers() can be called on folios with no buffers attached when filemap_release_folio() is invoked on a folio belonging to a mapping with AS_RELEASE_ALWAYS set but no release_folio operation defined.
In such cases, folio_needs_release() returns true because of the AS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This causes try_to_free_buffers() to call drop_buffers() on a folio with no buffers, leading to a null pointer dereference.
Adding a check in try_to_free_buffers() to return early if the folio has no buffers attached, with WARN_ON_ONCE() to alert about the misconfiguration. This provides defensive hardening.
{
"affected": [],
"aliases": [
"CVE-2025-71295"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: add alert in try_to_free_buffers() for folios without buffers\n\ntry_to_free_buffers() can be called on folios with no buffers attached\nwhen filemap_release_folio() is invoked on a folio belonging to a mapping\nwith AS_RELEASE_ALWAYS set but no release_folio operation defined.\n\nIn such cases, folio_needs_release() returns true because of the\nAS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This\ncauses try_to_free_buffers() to call drop_buffers() on a folio with no\nbuffers, leading to a null pointer dereference.\n\nAdding a check in try_to_free_buffers() to return early if the folio has no\nbuffers attached, with WARN_ON_ONCE() to alert about the misconfiguration.\nThis provides defensive hardening.",
"id": "GHSA-hv9q-ch73-572p",
"modified": "2026-05-12T21:31:26Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71295"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b111a69a6e33a922622bf9870e4e63fb2b649c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42c32d7571ccd8ef32351cac506f00b0fae99fd2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/727e5140e0cf83b4ce6a11b89bb73bff5d96f8f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b68f91ef3b3fe82ad78c417de71b675699a8467c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1b6227555c52781178132b7a06466711855795c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6246ca15999053d2632fbcc7b86e6eef7f077cb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVG9-786F-W3WP
Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2017-0351"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-09T21:29:00Z",
"severity": "HIGH"
},
"details": "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.",
"id": "GHSA-hvg9-786f-w3wp",
"modified": "2022-05-17T02:42:44Z",
"published": "2022-05-17T02:42:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0351"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98497"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVHV-H3PP-3PVW
Vulnerability from github – Published: 2022-01-04 00:01 – Updated: 2022-01-13 00:01Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2021-30270"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T08:15:00Z",
"severity": "HIGH"
},
"details": "Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-hvhv-h3pp-3pvw",
"modified": "2022-01-13T00:01:49Z",
"published": "2022-01-04T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30270"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HVMW-VM8C-CC9J
Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 03:30libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
{
"affected": [],
"aliases": [
"CVE-2023-24751"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.",
"id": "GHSA-hvmw-vm8c-cc9j",
"modified": "2023-03-10T03:30:15Z",
"published": "2023-03-01T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24751"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libde265/issues/379"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVRX-6458-M9JR
Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.
{
"affected": [],
"aliases": [
"CVE-2025-20755"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T03:16:16Z",
"severity": "MODERATE"
},
"details": "In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.",
"id": "GHSA-hvrx-6458-m9jr",
"modified": "2025-12-02T15:30:30Z",
"published": "2025-12-02T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20755"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVVV-J3J9-XHR9
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
{
"affected": [],
"aliases": [
"CVE-2021-38200"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-08T20:15:00Z",
"severity": "MODERATE"
},
"details": "arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a \"perf record\" command.",
"id": "GHSA-hvvv-j3j9-xhr9",
"modified": "2022-05-24T19:10:24Z",
"published": "2022-05-24T19:10:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38200"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HVVW-753H-39JV
Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2025-04-20 03:44In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.
{
"affected": [],
"aliases": [
"CVE-2017-13764"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-30T09:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.",
"id": "GHSA-hvvw-753h-39jv",
"modified": "2025-04-20T03:44:09Z",
"published": "2022-05-17T01:17:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13764"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b87ffbd12bddf64582c0a6e082b462744474de94"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-40.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100545"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039254"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW2X-PP4F-VG99
Vulnerability from github – Published: 2022-05-14 01:45 – Updated: 2022-05-14 01:45There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-19757"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-30T03:29:00Z",
"severity": "MODERATE"
},
"details": "There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.",
"id": "GHSA-hw2x-pp4f-vg99",
"modified": "2022-05-14T01:45:29Z",
"published": "2022-05-14T01:45:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19757"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.