Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-M66M-H4R9-WJP8

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11
VLAI
Details

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-30T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.",
  "id": "GHSA-m66m-h4r9-wjp8",
  "modified": "2022-05-13T01:11:15Z",
  "published": "2022-05-13T01:11:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14928"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M68Q-HXMP-JH9G

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-20 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()

This condition needs to match the previous "if (epcp->state == LISTEN) {" exactly to avoid a NULL dereference of either "listen_ep" or "ep". The problem is that "epcp" has been re-assigned so just testing "if (epcp->state == LISTEN) {" a second time is not sufficient.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()\n\nThis condition needs to match the previous \"if (epcp-\u003estate == LISTEN) {\"\nexactly to avoid a NULL dereference of either \"listen_ep\" or \"ep\". The\nproblem is that \"epcp\" has been re-assigned so just testing\n\"if (epcp-\u003estate == LISTEN) {\" a second time is not sufficient.",
  "id": "GHSA-m68q-hxmp-jh9g",
  "modified": "2026-01-20T18:31:52Z",
  "published": "2025-10-01T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24278dc380aab6a1aef0a75317f57ad4c2453cf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ca446b127c568b59cb8d9748b6f70499624bb18"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76e0396313c79ecd0df44ee3c18745cfac52b3e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd55240e4364d64befcc575b0d33091881524f42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6C4-7R62-X4HM

Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31
VLAI
Details

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-m6c4-7r62-x4hm",
  "modified": "2024-08-14T15:31:17Z",
  "published": "2024-08-14T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34137"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6CW-M47W-WQ2G

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-19T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
  "id": "GHSA-m6cw-m47w-wq2g",
  "modified": "2022-05-24T17:47:52Z",
  "published": "2022-05-24T17:47:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31260"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1736"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M6F7-Q6M8-788V

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03
VLAI
Details

The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-02T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.",
  "id": "GHSA-m6f7-q6m8-788v",
  "modified": "2022-05-14T02:03:05Z",
  "published": "2022-05-14T02:03:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1095"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-1095"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199185"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3695-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3695-2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2018/03/29/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6M4-PPMJ-PPV3

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17
VLAI
Details

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-2678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-01T06:35:00Z",
    "severity": "MODERATE"
  },
  "details": "The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.",
  "id": "GHSA-m6m4-ppmj-ppv3",
  "modified": "2022-05-13T01:17:56Z",
  "published": "2022-05-13T01:17:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2678"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2014/3/29/188"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0926.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59386"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60130"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60471"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/31/10"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66543"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M6Q7-6HRV-F732

Vulnerability from github – Published: 2025-03-17 21:30 – Updated: 2025-03-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: sparx5: switchdev: fix possible NULL pointer dereference

As the possible failure of the allocation, devm_kzalloc() may return NULL pointer. Therefore, it should be better to check the 'db' in order to prevent the dereference of NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sparx5: switchdev: fix possible NULL pointer dereference\n\nAs the possible failure of the allocation, devm_kzalloc() may return NULL\npointer.\nTherefore, it should be better to check the \u0027db\u0027 in order to prevent\nthe dereference of NULL pointer.",
  "id": "GHSA-m6q7-6hrv-f732",
  "modified": "2025-03-17T21:30:31Z",
  "published": "2025-03-17T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49184"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0906f3a3df07835e37077d8971aac65347f2ed57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b375ea083fa649092cd016ac1f89a2d1fd8f8e8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c346791877e6ce923bb21e34b30c6f99326aa5a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7e1fff76c4c57688dc7d53a3b6212182d5628d0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6QQ-C4RP-76FQ

Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12
VLAI
Details

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-08T05:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.",
  "id": "GHSA-m6qq-c4rp-76fq",
  "modified": "2022-05-17T00:12:30Z",
  "published": "2022-05-17T00:12:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17464"
    },
    {
      "type": "WEB",
      "url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6R3-9WWQ-X2MJ

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:06
VLAI
Details

A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:22Z",
    "severity": "HIGH"
  },
  "details": "A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.",
  "id": "GHSA-m6r3-9wwq-x2mj",
  "modified": "2024-04-04T07:06:59Z",
  "published": "2023-08-22T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6RJ-HX92-C739

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-06T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).",
  "id": "GHSA-m6rj-hx92-c739",
  "modified": "2022-05-13T01:26:35Z",
  "published": "2022-05-13T01:26:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.