Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-HV87-379M-CRRP

Vulnerability from github – Published: 2024-12-07 00:31 – Updated: 2024-12-12 03:33
VLAI
Details

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().",
  "id": "GHSA-hv87-379m-crrp",
  "modified": "2024-12-12T03:33:00Z",
  "published": "2024-12-07T00:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44856"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/issues/4468"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/pull/4463"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoesM/ROS-CVE-CNVDs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HV9J-GPHM-3PPH

Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36
VLAI
Details

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-12T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
  "id": "GHSA-hv9j-gphm-3pph",
  "modified": "2022-05-17T02:36:43Z",
  "published": "2022-05-17T02:36:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9443"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/issues/28"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/blob/master/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-08"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HV9Q-CH73-572P

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: add alert in try_to_free_buffers() for folios without buffers

try_to_free_buffers() can be called on folios with no buffers attached when filemap_release_folio() is invoked on a folio belonging to a mapping with AS_RELEASE_ALWAYS set but no release_folio operation defined.

In such cases, folio_needs_release() returns true because of the AS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This causes try_to_free_buffers() to call drop_buffers() on a folio with no buffers, leading to a null pointer dereference.

Adding a check in try_to_free_buffers() to return early if the folio has no buffers attached, with WARN_ON_ONCE() to alert about the misconfiguration. This provides defensive hardening.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: add alert in try_to_free_buffers() for folios without buffers\n\ntry_to_free_buffers() can be called on folios with no buffers attached\nwhen filemap_release_folio() is invoked on a folio belonging to a mapping\nwith AS_RELEASE_ALWAYS set but no release_folio operation defined.\n\nIn such cases, folio_needs_release() returns true because of the\nAS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This\ncauses try_to_free_buffers() to call drop_buffers() on a folio with no\nbuffers, leading to a null pointer dereference.\n\nAdding a check in try_to_free_buffers() to return early if the folio has no\nbuffers attached, with WARN_ON_ONCE() to alert about the misconfiguration.\nThis provides defensive hardening.",
  "id": "GHSA-hv9q-ch73-572p",
  "modified": "2026-05-12T21:31:26Z",
  "published": "2026-05-06T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71295"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b111a69a6e33a922622bf9870e4e63fb2b649c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42c32d7571ccd8ef32351cac506f00b0fae99fd2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/727e5140e0cf83b4ce6a11b89bb73bff5d96f8f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b68f91ef3b3fe82ad78c417de71b675699a8467c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1b6227555c52781178132b7a06466711855795c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6246ca15999053d2632fbcc7b86e6eef7f077cb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVG9-786F-W3WP

Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42
VLAI
Details

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-09T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.",
  "id": "GHSA-hvg9-786f-w3wp",
  "modified": "2022-05-17T02:42:44Z",
  "published": "2022-05-17T02:42:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0351"
    },
    {
      "type": "WEB",
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVHV-H3PP-3PVW

Vulnerability from github – Published: 2022-01-04 00:01 – Updated: 2022-01-13 00:01
VLAI
Details

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-hvhv-h3pp-3pvw",
  "modified": "2022-01-13T00:01:49Z",
  "published": "2022-01-04T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30270"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HVMW-VM8C-CC9J

Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 03:30
VLAI
Details

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.",
  "id": "GHSA-hvmw-vm8c-cc9j",
  "modified": "2023-03-10T03:30:15Z",
  "published": "2023-03-01T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24751"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libde265/issues/379"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVRX-6458-M9JR

Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30
VLAI
Details

In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T03:16:16Z",
    "severity": "MODERATE"
  },
  "details": "In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.",
  "id": "GHSA-hvrx-6458-m9jr",
  "modified": "2025-12-02T15:30:30Z",
  "published": "2025-12-02T03:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20755"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVVV-J3J9-XHR9

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a \"perf record\" command.",
  "id": "GHSA-hvvv-j3j9-xhr9",
  "modified": "2022-05-24T19:10:24Z",
  "published": "2022-05-24T19:10:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HVVW-753H-39JV

Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2025-04-20 03:44
VLAI
Details

In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-30T09:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.",
  "id": "GHSA-hvvw-753h-39jv",
  "modified": "2025-04-20T03:44:09Z",
  "published": "2022-05-17T01:17:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13764"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b87ffbd12bddf64582c0a6e082b462744474de94"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2017-40.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100545"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HW2X-PP4F-VG99

Vulnerability from github – Published: 2022-05-14 01:45 – Updated: 2022-05-14 01:45
VLAI
Details

There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-30T03:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.",
  "id": "GHSA-hw2x-pp4f-vg99",
  "modified": "2022-05-14T01:45:29Z",
  "published": "2022-05-14T01:45:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19757"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649197"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.