Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-QC73-3QQX-FC2Q

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-20 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()

rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient.

Fix this by:

(1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure.

(2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()\n\nrxrpc_kernel_lookup_peer() can also return error pointers in addition to\nNULL, so just checking for NULL is not sufficient.\n\nFix this by:\n\n (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL\n     on allocation failure.\n\n (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the\n     error code returned.",
  "id": "GHSA-qc73-3qqx-fc2q",
  "modified": "2026-05-20T21:31:28Z",
  "published": "2026-05-08T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43463"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4245a79003adf30e67f8e9060915bd05cb31d142"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54331c5dcc6d97683d7ca2788e7ef9c9505e1477"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d55fa7cd4b19ba91b34b307d769c149e56ad0a75"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC77-246G-GJ7G

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-07-15 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()

Fix dualpi2_change() to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc.

Before this patch, dualpi2_change() always attempted to dequeue packets via the root qdisc (C-queue) when reducing backlog or memory usage, and unconditionally assumed that a valid skb will be returned. When traffic classification results in packets being queued in the L-queue while the C-queue is empty, this leads to a NULL skb dereference during limit or memlimit enforcement.

This is fixed by first dequeuing from the C-queue path if it is non-empty. Once the C-queue is empty, packets are dequeued directly from the L-queue. Return values from qdisc_dequeue_internal() are checked for both queues. When dequeuing from the L-queue, the parent qdisc qlen and backlog counters are updated explicitly to keep overall qdisc statistics consistent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()\n\nFix dualpi2_change() to correctly enforce updated limit and memlimit\nvalues after a configuration change of the dualpi2 qdisc.\n\nBefore this patch, dualpi2_change() always attempted to dequeue packets\nvia the root qdisc (C-queue) when reducing backlog or memory usage, and\nunconditionally assumed that a valid skb will be returned. When traffic\nclassification results in packets being queued in the L-queue while the\nC-queue is empty, this leads to a NULL skb dereference during limit or\nmemlimit enforcement.\n\nThis is fixed by first dequeuing from the C-queue path if it is\nnon-empty. Once the C-queue is empty, packets are dequeued directly from\nthe L-queue. Return values from qdisc_dequeue_internal() are checked for\nboth queues. When dequeuing from the L-queue, the parent qdisc qlen and\nbacklog counters are updated explicitly to keep overall qdisc statistics\nconsistent.",
  "id": "GHSA-qc77-246g-gj7g",
  "modified": "2026-07-15T15:32:43Z",
  "published": "2026-06-24T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52997"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3042add80c2c50bd127d570b83319af612efde65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/478ed6b7d2577439c610f91fa8759a4c878a4264"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86cf2eba2056bcf9c41fba260e599bd95bf9943b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC8J-8WV9-XCFG

Vulnerability from github – Published: 2022-12-31 00:30 – Updated: 2023-01-06 21:30
VLAI
Details

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-30T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.",
  "id": "GHSA-qc8j-8wv9-xcfg",
  "modified": "2023-01-06T21:30:40Z",
  "published": "2022-12-31T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34678"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC8X-J8R7-6J42

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 00:30
VLAI
Details

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
  "id": "GHSA-qc8x-j8r7-6j42",
  "modified": "2022-11-18T00:30:22Z",
  "published": "2022-11-15T12:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25710"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCC4-GJX4-JHPH

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2025-05-22 21:30
VLAI
Details

The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.",
  "id": "GHSA-qcc4-gjx4-jhph",
  "modified": "2025-05-22T21:30:32Z",
  "published": "2022-01-04T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39977"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCF5-MJ4W-X99V

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use a stable FDB dst snapshot in RCU readers

Local FDB entries can be rewritten in place by fdb_delete_local(), which updates f->dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers inspect f->dst, including br_fdb_fillbuf() through the brforward_read() sysfs path.

These readers currently load f->dst multiple times and can therefore observe inconsistent values across the check and later dereference. In br_fdb_fillbuf(), this means a concurrent local-FDB update can change f->dst after the NULL check and before the port_no dereference, leading to a NULL-ptr-deref.

Fix this by taking a single READ_ONCE() snapshot of f->dst in each affected RCU reader and using that snapshot for the rest of the access sequence. Also publish the in-place f->dst updates in fdb_delete_local() with WRITE_ONCE() so the readers and writer use matching access patterns.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: use a stable FDB dst snapshot in RCU readers\n\nLocal FDB entries can be rewritten in place by `fdb_delete_local()`, which\nupdates `f-\u003edst` to another port or to `NULL` while keeping the entry\nalive. Several bridge RCU readers inspect `f-\u003edst`, including\n`br_fdb_fillbuf()` through the `brforward_read()` sysfs path.\n\nThese readers currently load `f-\u003edst` multiple times and can therefore\nobserve inconsistent values across the check and later dereference.\nIn `br_fdb_fillbuf()`, this means a concurrent local-FDB update can change\n`f-\u003edst` after the NULL check and before the `port_no` dereference,\nleading to a NULL-ptr-deref.\n\nFix this by taking a single `READ_ONCE()` snapshot of `f-\u003edst` in each\naffected RCU reader and using that snapshot for the rest of the access\nsequence. Also publish the in-place `f-\u003edst` updates in `fdb_delete_local()`\nwith `WRITE_ONCE()` so the readers and writer use matching access patterns.",
  "id": "GHSA-qcf5-mj4w-x99v",
  "modified": "2026-06-24T18:32:31Z",
  "published": "2026-05-27T15:33:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46086"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b9e4bbfb7c949151e3acd44ed4aa33614d2e110"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1406c4e0ed1eaf8a29801ab1163d00fb7ee4359a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5424e678f9b304e148cf5dcc047cffc7a56a3bb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81af4137a30c4c2dc694dea8cacb180bd66000ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a2d9d4e657b23dc21f24cf139e3aeff0b61341f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6ae4511c07b91f597e461406c6330f0d4ff810e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c502fa9f094cb03d1d1685c71e2105ab359bc2b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df4601653201de21b487c3e7fffd464790cab808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCFF-4J87-MV7G

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()

It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code.",
  "id": "GHSA-qcff-4j87-mv7g",
  "modified": "2025-03-17T18:31:47Z",
  "published": "2025-03-17T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49445"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5376e3d904532e657fd7ca1a9b1ff3d351527b90"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ed0519d425619b435150372cce2ffeec71581fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3a1ad8fd0ac11f4fa1260c23b5db71a25473254"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f991879762392c19661af5b722578089a12b305f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb4f022b3ad1f3ff3cafdbc7d51896090ae17701"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCM7-VMFG-H8XW

Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2024-12-09 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute

[Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference.

It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference.

[how] Remove redundant checking condition. Relevant condition should already be covered by checking if dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-04T19:15:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt\u0027s due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.",
  "id": "GHSA-qcm7-vmfg-h8xw",
  "modified": "2024-12-09T15:31:33Z",
  "published": "2024-09-04T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7e65cab54a89f4df54110f0b44c4ade93d1a911"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCMJ-VF57-9376

Vulnerability from github – Published: 2022-05-14 02:01 – Updated: 2022-05-14 02:01
VLAI
Details

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-20T19:31:00Z",
    "severity": "MODERATE"
  },
  "details": "JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.",
  "id": "GHSA-qcmj-vf57-9376",
  "modified": "2022-05-14T02:01:21Z",
  "published": "2022-05-14T02:01:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/2435"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCP2-5RV3-RR4W

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2025-04-20 03:46
VLAI
Details

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-02T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",
  "id": "GHSA-qcp2-5rv3-rr4w",
  "modified": "2025-04-20T03:46:06Z",
  "published": "2022-05-17T00:35:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14974"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22163"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.