Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-PJ7H-HW7V-PG79

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()

The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference.

Return -ENOMEM in case allocation fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T13:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()\n\nThe cs40l50_upload_owt() function allocates memory via kmalloc()\nwithout checking for allocation failure, which could lead to a\nNULL pointer dereference.\n\nReturn -ENOMEM in case allocation fails.",
  "id": "GHSA-pj7h-hw7v-pg79",
  "modified": "2025-11-19T21:31:16Z",
  "published": "2025-07-25T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38381"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cf65845fdd09d711fc7546d60c9abe010956922"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e87fc697fa4be5164e47cfba4ddd4732499adc60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea20568895c1122f15b6fc9e8d02c6cbe22964f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJ84-FGGF-8PF6

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Fix null pointer dereference issue

If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix null pointer dereference issue\n\nIf SMU is disabled, during RAS initialization,\nthere will be null pointer dereference issue here.",
  "id": "GHSA-pj84-fggf-8pf6",
  "modified": "2026-05-08T18:31:27Z",
  "published": "2026-05-06T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43131"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1197366cca89a4c44c541ddedb8ce8bf0757993d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e035505fa0e5b7c4306fd3f4e27f8e8f5bfad8c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJ8G-XGCW-9P63

Vulnerability from github – Published: 2024-08-08 09:30 – Updated: 2025-03-24 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix error pbuf checking

Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring().

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace: io_put_bl io_uring/kbuf.c:378 [inline] io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix error pbuf checking\n\nSyz reports a problem, which boils down to NULL vs IS_ERR inconsistent\nerror handling in io_alloc_pbuf_ring().\n\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341\nCall Trace:\n \u003cTASK\u003e\n io_put_bl io_uring/kbuf.c:378 [inline]\n io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392\n io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613\n io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd40 kernel/workqueue.c:3390\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
  "id": "GHSA-pj8g-xgcw-9p63",
  "modified": "2025-03-24T18:30:43Z",
  "published": "2024-08-08T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42254"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78aefac7efdffddf7889405b7c08e6e0f030fa35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJFG-6MWR-J367

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-13T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.",
  "id": "GHSA-pjfg-6mwr-j367",
  "modified": "2022-05-13T01:12:00Z",
  "published": "2022-05-13T01:12:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6942"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3572-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJV9-3C8F-MR4H

Vulnerability from github – Published: 2022-05-17 02:52 – Updated: 2022-05-17 02:52
VLAI
Details

The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-27T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.",
  "id": "GHSA-pjv9-3c8f-mr4h",
  "modified": "2022-05-17T02:52:23Z",
  "published": "2022-05-17T02:52:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7274"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radare/radare2/issues/7152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJW3-8X26-XPWM

Vulnerability from github – Published: 2024-03-27 06:30 – Updated: 2025-11-04 21:31
VLAI
Details

TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-27T06:15:10Z",
    "severity": "LOW"
  },
  "details": "TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.",
  "id": "GHSA-pjw3-8x26-xpwm",
  "modified": "2025-11-04T21:31:23Z",
  "published": "2024-03-27T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46051"
    },
    {
      "type": "WEB",
      "url": "https://tug.org/pipermail/tex-live/2023-August/049406.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176822/tex-live-944e257-Null-Pointer.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/68"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJWQ-6682-PV8R

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-10T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur.",
  "id": "GHSA-pjwq-6682-pv8r",
  "modified": "2022-05-13T01:42:07Z",
  "published": "2022-05-13T01:42:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11063"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101160"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJWQ-HG2P-9VW7

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv

Fixes potential null pointer dereference warnings in the dc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up() functions.

In both functions, the 'dc_dmub_srv' variable was being dereferenced before it was checked for null. This could lead to a null pointer dereference if 'dc_dmub_srv' is null. The fix is to check if 'dc_dmub_srv' is null before dereferencing it.

Thus moving the null checks for 'dc_dmub_srv' to the beginning of the functions to ensure that 'dc_dmub_srv' is not null when it is dereferenced.

Found by smatch & thus fixing the below: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check 'dc_dmub_srv' (see line 128) drivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check 'dc_dmub_srv' (see line 1164)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential null pointer dereference in dc_dmub_srv\n\nFixes potential null pointer dereference warnings in the\ndc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up()\nfunctions.\n\nIn both functions, the \u0027dc_dmub_srv\u0027 variable was being dereferenced\nbefore it was checked for null. This could lead to a null pointer\ndereference if \u0027dc_dmub_srv\u0027 is null. The fix is to check if\n\u0027dc_dmub_srv\u0027 is null before dereferencing it.\n\nThus moving the null checks for \u0027dc_dmub_srv\u0027 to the beginning of the\nfunctions to ensure that \u0027dc_dmub_srv\u0027 is not null when it is\ndereferenced.\n\nFound by smatch \u0026 thus fixing the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check \u0027dc_dmub_srv\u0027 (see line 128)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check \u0027dc_dmub_srv\u0027 (see line 1164)",
  "id": "GHSA-pjwq-hg2p-9vw7",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26729"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJX8-96CX-2PJW

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check null pointer before dereferencing se

[WHAT & HOW] se is null checked previously in the same function, indicating it might be null; therefore, it must be checked when used again.

This fixes 1 FORWARD_NULL issue reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT \u0026 HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity.",
  "id": "GHSA-pjx8-96cx-2pjw",
  "modified": "2025-11-04T00:31:46Z",
  "published": "2024-10-21T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50049"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65b2d49e55fe13ae56da3a7685bdccadca31134a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97a79933fb08a002ba9400d1a7a5df707ecdb896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9b4fd1946678fa0e069e442f3c5a7d3fa446fac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c643ef59390e49f1dfab35e8ea65f5db5e527d64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff599ef6970ee000fa5bc38d02fa5ff5f3fc7575"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJXR-6C7R-HPJF

Vulnerability from github – Published: 2022-05-14 01:42 – Updated: 2022-05-14 01:42
VLAI
Details

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-17T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.",
  "id": "GHSA-pjxr-6c7r-hpjf",
  "modified": "2022-05-14T01:42:27Z",
  "published": "2022-05-14T01:42:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14853"
    },
    {
      "type": "WEB",
      "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14853.md"
    },
    {
      "type": "WEB",
      "url": "https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.