CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-P9XP-VCH3-FPJP
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-12-23 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL.
Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875)
{
"affected": [],
"aliases": [
"CVE-2024-27044"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:49Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential NULL pointer dereferences in \u0027dcn10_set_output_transfer_func()\u0027\n\nThe \u0027stream\u0027 pointer is used in dcn10_set_output_transfer_func() before\nthe check if \u0027stream\u0027 is NULL.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check \u0027stream\u0027 (see line 1875)",
"id": "GHSA-p9xp-vch3-fpjp",
"modified": "2024-12-23T15:30:47Z",
"published": "2024-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27044"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70883c484"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ccfe80d022df7c595f1925afb31de2232900656"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PC25-5426-Q5X9
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-34136"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:20Z",
"severity": "MODERATE"
},
"details": "Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-pc25-5426-q5x9",
"modified": "2024-08-14T15:31:17Z",
"published": "2024-08-14T15:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34136"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PC2H-32RH-XHFP
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30321"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:21:21Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-pc2h-32rh-xhfp",
"modified": "2025-06-10T18:32:27Z",
"published": "2025-06-10T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30321"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-53.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PC87-MH9V-2H38
Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
{
"affected": [],
"aliases": [
"CVE-2019-9779"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-14T09:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).",
"id": "GHSA-pc87-mh9v-2h38",
"modified": "2022-05-14T01:18:15Z",
"published": "2022-05-14T01:18:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9779"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/99"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/bugs/index.php?55893"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107447"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCCV-XJC7-M5QV
Vulnerability from github – Published: 2022-11-07 12:00 – Updated: 2025-05-05 18:32handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2022-44792"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-07T03:15:00Z",
"severity": "MODERATE"
},
"details": "handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.",
"id": "GHSA-pccv-xjc7-m5qv",
"modified": "2025-05-05T18:32:28Z",
"published": "2022-11-07T12:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44792"
},
{
"type": "WEB",
"url": "https://github.com/net-snmp/net-snmp/issues/474"
},
{
"type": "WEB",
"url": "https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230223-0011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCF2-F983-H6W2
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 21:31An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
{
"affected": [],
"aliases": [
"CVE-2024-24443"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:12Z",
"severity": "MODERATE"
},
"details": "An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.",
"id": "GHSA-pcf2-f983-h6w2",
"modified": "2025-01-23T21:31:51Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24443"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "http://openairinterface.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCH2-664M-XCCV
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-08-06 00:00Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1274"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T20:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. ",
"id": "GHSA-pch2-664m-xccv",
"modified": "2022-08-06T00:00:38Z",
"published": "2022-05-24T17:39:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1274"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCM6-6X97-2MRC
Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
{
"affected": [],
"aliases": [
"CVE-2010-1321"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-05-19T18:30:00Z",
"severity": "MODERATE"
},
"details": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator\u0027s checksum field is missing.",
"id": "GHSA-pcm6-6x97-2mrc",
"modified": "2022-05-02T06:21:31Z",
"published": "2022-05-02T06:21:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1321"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"type": "WEB",
"url": "http://osvdb.org/64744"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39762"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39784"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39799"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39818"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39849"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40346"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41967"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42432"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42974"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43335"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44954"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2052"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/40235"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-940-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-940-2"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1177"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1192"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1193"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1196"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1222"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1574"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1882"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3112"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0134"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCP6-2JQ5-M5CF
Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-36520"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-22T16:15:27Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.",
"id": "GHSA-pcp6-2jq5-m5cf",
"modified": "2025-11-03T21:34:10Z",
"published": "2025-07-22T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36520"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCQC-C89R-492H
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
crypto: rsa - add a check for allocation failure
Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy.
{
"affected": [],
"aliases": [
"CVE-2023-52472"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rsa - add a check for allocation failure\n\nStatic checkers insist that the mpi_alloc() allocation can fail so add\na check to prevent a NULL dereference. Small allocations like this\ncan\u0027t actually fail in current kernels, but adding a check is very\nsimple and makes the static checkers happy.",
"id": "GHSA-pcqc-c89r-492h",
"modified": "2024-04-17T21:30:45Z",
"published": "2024-02-26T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52472"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2831f4d3bfa68e64c5f83e96688be779c87b3511"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d872ca165cb67112f2841ef9c37d51ef7e63d1e4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.