Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-R4W6-XFP9-GGJ2

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2026-01-19 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()

Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference).

Return '-EOPNOTSUPP' when 'ops->get_ethtool_phy_stats' is NULL to fix this typo error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()\n\nClang static checker (scan-build) warning:\nnet/ethtool/ioctl.c:line 2233, column 2\nCalled function pointer is null (null dereference).\n\nReturn \u0027-EOPNOTSUPP\u0027 when \u0027ops-\u003eget_ethtool_phy_stats\u0027 is NULL to fix\nthis typo error.",
  "id": "GHSA-r4w6-xfp9-ggj2",
  "modified": "2026-01-19T15:30:31Z",
  "published": "2024-07-12T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40928"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dcc53abf58d572d34c5313de85f607cd33fc691"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25504f7fe60058b2a9553a9e424fb7dd9683843e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6548d543a27449a1a3d8079925de93f5764d6f22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92196be82a4eb61813833dc62876fd198ae51ab1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3ba0557ab2ef15a3663e2fb9b1a3d628a8c3daa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9e57e7ca77393b5b7072800370370b02eaad0f8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R4X5-77VP-HGVG

Vulnerability from github – Published: 2023-08-16 18:30 – Updated: 2024-04-04 07:00
VLAI
Details

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-16T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.",
  "id": "GHSA-r4x5-77vp-hgvg",
  "modified": "2024-04-04T07:00:11Z",
  "published": "2023-08-16T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4385"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/0d4837fdb796f99369cf7691d33de1b856bcaf1f"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4385"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219272"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R527-4R6F-FJR3

Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe

platform_get_resource() may fail and return NULL, so we should better check it's return value to avoid a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe\n\nplatform_get_resource() may fail and return NULL, so we should\nbetter check it\u0027s return value to avoid a NULL pointer dereference.",
  "id": "GHSA-r527-4r6f-fjr3",
  "modified": "2025-04-17T21:30:44Z",
  "published": "2025-04-17T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49392"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e0fd55719fa081de6f9e5d9e6cef48efb04d34a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90a6b6fc52bfdcfe9698454bf5bea26112abbcd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/923d34ce069e8e51a4d003caa6b66a8cd6ecd0ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5f1275f101e0e8a172d300d897f5a12e87e3485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R529-G827-7GF5

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian.

Also add skb_dst_dev_rcu() instead of skb_dst_dev(), and two missing READ_ONCE().

Note that @dev can't be NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T10:16:23Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()\n\nWe need to check __in6_dev_get() for possible NULL value, as\nsuggested by Yiming Qian.\n\nAlso add skb_dst_dev_rcu() instead of skb_dst_dev(),\nand two missing READ_ONCE().\n\nNote that @dev can\u0027t be NULL.",
  "id": "GHSA-r529-g827-7gf5",
  "modified": "2026-05-08T15:31:15Z",
  "published": "2026-05-06T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43101"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3719c234fa94c37c955b1ecd3742ef280ec135e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4198aab6f000b4febb18ea820fea20634dd789c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e65a8b8daa18d63255ec58964dd192c7fdd9f8b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R54V-H92M-5V94

Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57
VLAI
Details

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-22T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.",
  "id": "GHSA-r54v-h92m-5v94",
  "modified": "2022-05-14T00:57:26Z",
  "published": "2022-05-14T00:57:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12648"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=106981"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00070.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R57G-7W2J-CXMF

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: jsm: fix NPE during jsm_uart_port_init

No device was set which caused serial_base_ctrl_add to crash.

BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serial_base_ctrl_add+0x96/0x120 Call Trace: serial_core_register_port+0x1a0/0x580 ? __setup_irq+0x39c/0x660 ? __kmalloc_cache_noprof+0x111/0x310 jsm_uart_port_init+0xe8/0x180 [jsm] jsm_probe_one+0x1f4/0x410 [jsm] local_pci_probe+0x42/0x90 pci_device_probe+0x22f/0x270 really_probe+0xdb/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfxdriverattach+0x10/0x10 driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8c/0xe0 bus_add_driver+0x112/0x1f0 driver_register+0x72/0xd0 jsm_init_module+0x36/0xff0 [jsm] ? __pfx_jsm_init_module+0x10/0x10 [jsm] do_one_initcall+0x58/0x310 do_init_module+0x60/0x230

Tested with Digi Neo PCIe 8 port card.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1  Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n  \u003cTASK\u003e\n  serial_core_register_port+0x1a0/0x580\n  ? __setup_irq+0x39c/0x660\n  ? __kmalloc_cache_noprof+0x111/0x310\n  jsm_uart_port_init+0xe8/0x180 [jsm]\n  jsm_probe_one+0x1f4/0x410 [jsm]\n  local_pci_probe+0x42/0x90\n  pci_device_probe+0x22f/0x270\n  really_probe+0xdb/0x340\n  ? pm_runtime_barrier+0x54/0x90\n  ? __pfx___driver_attach+0x10/0x10\n  __driver_probe_device+0x78/0x110\n  driver_probe_device+0x1f/0xa0\n  __driver_attach+0xba/0x1c0\n  bus_for_each_dev+0x8c/0xe0\n  bus_add_driver+0x112/0x1f0\n  driver_register+0x72/0xd0\n  jsm_init_module+0x36/0xff0 [jsm]\n  ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n  do_one_initcall+0x58/0x310\n  do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
  "id": "GHSA-r57g-7w2j-cxmf",
  "modified": "2025-11-18T18:32:48Z",
  "published": "2025-07-10T09:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38265"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3258d7ff8ebfa451426662b23e8f2b51b129afe1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/985961dd2688a527a4847300d41beaad475ab7af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a14c0d2eb3f0b1836fdec22908b87ecffd2ac844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abaecb2a4ad021c2f2426e9b2a9c020aef57aca9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3975aa899c0a3bbc10d035e699b142cd1373a71"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R58J-66XV-Q95W

Vulnerability from github – Published: 2025-06-11 18:35 – Updated: 2025-06-11 18:35
VLAI
Details

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-11T17:15:41Z",
    "severity": "LOW"
  },
  "details": "Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.",
  "id": "GHSA-r58j-66xv-q95w",
  "modified": "2025-06-11T18:35:43Z",
  "published": "2025-06-11T18:35:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1698"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186728"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R58R-MMGC-MR7F

Vulnerability from github – Published: 2026-01-26 03:30 – Updated: 2026-02-23 09:31
VLAI
Details

A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-26T03:15:49Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.",
  "id": "GHSA-r58r-mmgc-mr7f",
  "modified": "2026-02-23T09:31:22Z",
  "published": "2026-01-26T03:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/3428"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/3428#issue-3802223345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enocknt/gpac/commit/af951b892dfbaaa38336ba2eba6d6a42c25810fd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.342804"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.342804"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.736541"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R58X-7F7V-85GG

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:19Z",
    "severity": "HIGH"
  },
  "details": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.",
  "id": "GHSA-r58x-7f7v-85gg",
  "modified": "2026-05-12T18:30:45Z",
  "published": "2026-05-12T18:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40414"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40414"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R596-778H-JPPV

Vulnerability from github – Published: 2024-06-24 15:31 – Updated: 2024-10-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: of_property: Return error for int_map allocation failure

Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case.

[bhelgaas: commit log]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-24T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: of_property: Return error for int_map allocation failure\n\nReturn -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a\nNULL pointer dereference in this case.\n\n[bhelgaas: commit log]",
  "id": "GHSA-r596-778h-jppv",
  "modified": "2024-10-30T21:30:37Z",
  "published": "2024-06-24T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34030"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/598e4a37a2f8da9144ba1fab04320c32169b6d0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5f31d1470c4fdfae368feeb389768ba8d24fb34"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e6f7d27df5d208b50cae817a91d128fb434bb12c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.