CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-QCQ5-35C7-7HVW
Vulnerability from github – Published: 2022-05-14 00:58 – Updated: 2022-05-14 00:58An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-19432"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-22T05:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.",
"id": "GHSA-qcq5-35c7-7hvw",
"modified": "2022-05-14T00:58:33Z",
"published": "2022-05-14T00:58:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19432"
},
{
"type": "WEB",
"url": "https://github.com/erikd/libsndfile/issues/427"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4013-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105996"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCWM-W563-M65J
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2025-04-20 03:44In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-14228"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-09T08:29:00Z",
"severity": "MODERATE"
},
"details": "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.",
"id": "GHSA-qcwm-w563-m65j",
"modified": "2025-04-20T03:44:35Z",
"published": "2022-05-14T01:14:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14228"
},
{
"type": "WEB",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392423"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-19"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3694-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF5Q-FM5C-HC2P
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-28 18:31In the Linux kernel, the following vulnerability has been resolved:
bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports:
net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null
Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section 7.1.4 of the C standard (Use of library functions) mentions:
"Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined."
To avoid this, add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2024-49987"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer.",
"id": "GHSA-qf5q-fm5c-hc2p",
"modified": "2024-10-28T18:31:39Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49987"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e0f6f33f2aa87493b365a38a8fd87b8854b7734"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c208b02827eb642758cef65641995fd3f38c89af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f04e2ad394e2755d0bb2d858ecb5598718bf00d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF9H-WVGW-CQH6
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference.
Found by code review.
(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)
{
"affected": [],
"aliases": [
"CVE-2025-21941"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"id": "GHSA-qf9h-wvgw-cqh6",
"modified": "2025-11-03T21:33:24Z",
"published": "2025-04-01T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21941"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/265422915416468ba91bffa56addbff45e18342a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3748fad09d89e9a5290e1738fd6872a79f794743"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/374c9faac5a763a05bc3f68ad9f73dab3c6aec90"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b3c2be58d5275aa59d8b4810a59f173f2f5bac1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1e54752dc12e90305eb0475ca908f42f5b369ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0345c3478f185ca840daac7f08a1fcd4ebec3e9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f435192e00bc4d5d4134356b93212670ec47fa8d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFJ5-RCVF-98CF
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30329"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T18:15:39Z",
"severity": "MODERATE"
},
"details": "Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-qfj5-rcvf-98cf",
"modified": "2025-05-13T18:30:58Z",
"published": "2025-05-13T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30329"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb25-42.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFM5-V3G4-XR9M
Vulnerability from github – Published: 2022-05-14 01:52 – Updated: 2022-05-14 01:52An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.
{
"affected": [],
"aliases": [
"CVE-2018-18937"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-05T09:29:00Z",
"severity": "HIGH"
},
"details": "An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.",
"id": "GHSA-qfm5-v3g4-xr9m",
"modified": "2022-05-14T01:52:00Z",
"published": "2022-05-14T01:52:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18937"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/libiec61850/issues/82"
},
{
"type": "WEB",
"url": "https://github.com/fouzhe/security/tree/master/libiec61850#segv-in-function-clientdataset_getvalues"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFPM-Q7VW-VGQQ
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-10 21:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: jack: Access input_dev under mutex
It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock.
{
"affected": [],
"aliases": [
"CVE-2022-49538"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: jack: Access input_dev under mutex\n\nIt is possible when using ASoC that input_dev is unregistered while\ncalling snd_jack_report, which causes NULL pointer dereference.\nIn order to prevent this serialize access to input_dev using mutex lock.",
"id": "GHSA-qfpm-q7vw-vgqq",
"modified": "2025-03-10T21:31:09Z",
"published": "2025-03-10T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49538"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b6a6fc5280e97559287b61eade2d4b363e836f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/582aea6084cc59fec881204f026816d1219f2348"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5cc6f623f4818c7d7e9e966a45ebf324901ca9c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74bab3bcf422593c582e47130aa8eb41ebb2dc09"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8487a88136d54a1a4d3f26f1399685db648ab879"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e6a73b0c0f2014eb89249fb1640c5a3d58221c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c093b62c40027c21d649c5534ad7aa3605a99b00"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2b8681769f6e205382f026b907d28aa5ec9d59a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f68bed124c7699e23ffb4ce4fcc84671e9193cde"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFV4-QXW7-G29F
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: make ip6gre_header() robust
Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1].
This involves team or bonding drivers ability to dynamically change their dev->needed_headroom and/or dev->hard_header_len
In this particular crash mld_newpack() allocated an skb with a too small reserve/headroom, and by the time mld_sendpack() was called, syzbot managed to attach an ip6gre device.
[1] skbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:213 ! skb_under_panic net/core/skbuff.c:223 [inline] skb_push+0xc3/0xe0 net/core/skbuff.c:2641 ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371 dev_hard_header include/linux/netdevice.h:3436 [inline] neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618 neigh_output include/net/neighbour.h:556 [inline] ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318 mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855 mld_send_cr net/ipv6/mcast.c:2154 [inline] mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693
{
"affected": [],
"aliases": [
"CVE-2025-71098"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_gre: make ip6gre_header() robust\n\nOver the years, syzbot found many ways to crash the kernel\nin ip6gre_header() [1].\n\nThis involves team or bonding drivers ability to dynamically\nchange their dev-\u003eneeded_headroom and/or dev-\u003ehard_header_len\n\nIn this particular crash mld_newpack() allocated an skb\nwith a too small reserve/headroom, and by the time mld_sendpack()\nwas called, syzbot managed to attach an ip6gre device.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:213 !\n \u003cTASK\u003e\n skb_under_panic net/core/skbuff.c:223 [inline]\n skb_push+0xc3/0xe0 net/core/skbuff.c:2641\n ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371\n dev_hard_header include/linux/netdevice.h:3436 [inline]\n neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618\n neigh_output include/net/neighbour.h:556 [inline]\n ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136\n __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]\n ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247\n NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318\n mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855\n mld_send_cr net/ipv6/mcast.c:2154 [inline]\n mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693",
"id": "GHSA-qfv4-qxw7-g29f",
"modified": "2026-07-14T15:31:31Z",
"published": "2026-01-13T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71098"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1717357007db150c2d703f13f5695460e960f26c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17e7386234f740f3e7d5e58a47b5847ea34c3bc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41a1a3140aff295dee8063906f70a514548105e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5fe210533e3459197eabfdbf97327dacbdc04d60"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91a2b25be07ce1a7549ceebbe82017551d2eec92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/adee129db814474f2f81207bd182bf343832a52e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db5b4e39c4e63700c68a7e65fc4e1f1375273476"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFXC-FJVG-2QGM
Vulnerability from github – Published: 2024-09-13 09:30 – Updated: 2024-09-19 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/xe: reset mmio mappings with devm
Set our various mmio mappings to NULL. This should make it easier to catch something rogue trying to mess with mmio after device removal. For example, we might unmap everything and then start hitting some mmio address which has already been unmamped by us and then remapped by something else, causing all kinds of carnage.
{
"affected": [],
"aliases": [
"CVE-2024-46705"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-13T07:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.",
"id": "GHSA-qfxc-fjvg-2qgm",
"modified": "2024-09-19T15:30:49Z",
"published": "2024-09-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46705"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG37-G6PV-G327
Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2023-12-13 15:30slim has NULL pointer dereference when using crypt() method from glibc 2.17
{
"affected": [],
"aliases": [
"CVE-2013-4412"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-04T13:15:00Z",
"severity": "MODERATE"
},
"details": "slim has NULL pointer dereference when using crypt() method from glibc 2.17",
"id": "GHSA-qg37-g6pv-g327",
"modified": "2023-12-13T15:30:54Z",
"published": "2022-05-05T00:29:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2013-4412"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4412"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89675"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4412"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/10/09/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/62906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.