Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-R8VG-FPVM-R7HH

Vulnerability from github – Published: 2025-01-23 03:30 – Updated: 2025-01-23 15:31
VLAI
Details

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-23T01:15:26Z",
    "severity": "MODERATE"
  },
  "details": "lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0.",
  "id": "GHSA-r8vg-fpvm-r7hh",
  "modified": "2025-01-23T15:31:05Z",
  "published": "2025-01-23T03:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57719"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sammycage/lunasvg/issues/209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg_3.1.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R977-P9G8-M7HX

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-07-04 12:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: Drop the lock in skb_may_tx_timestamp()

skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and complete the TX timestamp from that handler. This will lead to a deadlock if the lock is already write-locked on the same CPU.

Taking the lock can be avoided. The socket (pointed by the skb) will remain valid until the skb is released. The ->sk_socket and ->file member will be set to NULL once the user closes the socket which may happen before the timestamp arrives. If we happen to observe the pointer while the socket is closing but before the pointer is set to NULL then we may use it because both pointer (and the file's cred member) are RCU freed.

Drop the lock. Use READ_ONCE() to obtain the individual pointer. Add a matching WRITE_ONCE() where the pointer are cleared.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:41Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Drop the lock in skb_may_tx_timestamp()\n\nskb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must\nnot be taken in IRQ context, only softirq is okay. A few drivers receive\nthe timestamp via a dedicated interrupt and complete the TX timestamp\nfrom that handler. This will lead to a deadlock if the lock is already\nwrite-locked on the same CPU.\n\nTaking the lock can be avoided. The socket (pointed by the skb) will\nremain valid until the skb is released. The -\u003esk_socket and -\u003efile\nmember will be set to NULL once the user closes the socket which may\nhappen before the timestamp arrives.\nIf we happen to observe the pointer while the socket is closing but\nbefore the pointer is set to NULL then we may use it because both\npointer (and the file\u0027s cred member) are RCU freed.\n\nDrop the lock. Use READ_ONCE() to obtain the individual pointer. Add a\nmatching WRITE_ONCE() where the pointer are cleared.",
  "id": "GHSA-r977-p9g8-m7hx",
  "modified": "2026-07-04T12:30:27Z",
  "published": "2026-05-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43216"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/983512f3a87fd8dc4c94dfa6b596b6e57df5aad7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c770217044d9cbe16a1f7c385cf080ed06a2fc04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4c6efb3b70ff87f1df99efce2f8893717695718"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3e4cceafad27c9363c33622732f86722846ec6f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R98C-6VFM-M459

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-21 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-gpu: fix a missing check to avoid NULL dereference

'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.

[ kraxel: minor codestyle fixup ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:48Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-gpu: fix a missing check to avoid NULL dereference\n\n\u0027cache_ent\u0027 could be set NULL inside virtio_gpu_cmd_get_capset()\nand it will lead to a NULL dereference by a lately use of it\n(i.e., ptr = cache_ent-\u003ecaps_cache). Fix it with a NULL check.\n\n\n[ kraxel: minor codestyle fixup ]",
  "id": "GHSA-r98c-6vfm-m459",
  "modified": "2025-11-21T00:30:18Z",
  "published": "2025-06-18T12:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50181"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/259773fc874258606c0121767a4a27466ff337eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/367882a5a9448b5e1ba756125308092d614cb96c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39caef09666c1d8274abf9472c72bcac236dc5fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/adbdd21983fa292e53aec3eab97306b2961ea887"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd63f11f4c3c46afec07d821f74736161ff6e526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9G8-XCJ8-CXJ6

Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-44010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T19:15:42Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 5.0.0.1 ( 2025/07/09 ) and later",
  "id": "GHSA-r9g8-xcj8-cxj6",
  "modified": "2025-10-08T21:30:23Z",
  "published": "2025-10-03T21:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44010"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R9M2-M646-569R

Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30
VLAI
Details

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
  "id": "GHSA-r9m2-m646-569r",
  "modified": "2022-12-15T18:30:17Z",
  "published": "2022-12-13T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41279"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9M4-7H5V-G8H8

Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30
VLAI
Details

Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-r9m4-7h5v-g8h8",
  "modified": "2024-11-12T21:30:54Z",
  "published": "2024-11-12T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47439"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9M7-7GG7-9PPR

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL.

Although this case may be unrealistic for the current code, it is still better to protect against possible bugs.

Bail out also when status is AE_NOT_FOUND.

This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)

(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951:  Null pointer dereferences  (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)",
  "id": "GHSA-r9m7-7gg7-9ppr",
  "modified": "2025-11-04T00:32:05Z",
  "published": "2024-11-19T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53060"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a9f55ed5b512f510ccd21ad527d532e60550e80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27fc29b5376998c126c85cf9b15d9dfc2afc9cbe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ac7f253deada4d449559b65a1c1cd0a6f6f19b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d7a28eca7553d35d4ce192fa1f390f2357df41b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a613a392417532ca5aaf3deac6e3277aa7aaef2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6dd15981c03f2cdc9a351a278f09b5479d53d2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9d9881237afeb52eddd70077b7174bf17e2fa30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce8a00a00e36f61f5a1e47734332420b68784c43"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9Q8-627R-9CJM

Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T19:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
  "id": "GHSA-r9q8-627r-9cjm",
  "modified": "2025-10-08T21:30:24Z",
  "published": "2025-10-03T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52862"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R9QM-GM5Q-GX7P

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05
VLAI
Details

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-03T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.",
  "id": "GHSA-r9qm-gm5q-gx7p",
  "modified": "2022-05-13T01:05:38Z",
  "published": "2022-05-13T01:05:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14121"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/874061"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/08/20/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9RP-XJ5X-XHGH

Vulnerability from github – Published: 2025-09-10 21:30 – Updated: 2025-09-10 21:30
VLAI
Details

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns NULL, which is then stored and later dereferenced by the Io struct's Drop implementation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-57613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-02T16:15:40Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns NULL, which is then stored and later dereferenced by the Io struct\u0027s Drop implementation.",
  "id": "GHSA-r9rp-xj5x-xhgh",
  "modified": "2025-09-10T21:30:18Z",
  "published": "2025-09-10T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57613"
    },
    {
      "type": "WEB",
      "url": "https://github.com/meh/rust-ffmpeg/issues/192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.