CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-RHH4-P2QJ-259F
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
{
"affected": [],
"aliases": [
"CVE-2021-22462"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T13:15:00Z",
"severity": "MODERATE"
},
"details": "A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.",
"id": "GHSA-rhh4-p2qj-259f",
"modified": "2022-05-24T19:19:08Z",
"published": "2022-05-24T19:19:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22462"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RHHP-94CH-9RF5
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2024-11-13 21:30In the Linux kernel, the following vulnerability has been resolved:
sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()
The following race condition could trigger a NULL pointer dereference:
sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex);
Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released.
{
"affected": [],
"aliases": [
"CVE-2024-50260"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: fix a NULL pointer dereference in sock_map_link_update_prog()\n\nThe following race condition could trigger a NULL pointer dereference:\n\nsock_map_link_detach():\t\tsock_map_link_update_prog():\n mutex_lock(\u0026sockmap_mutex);\n ...\n sockmap_link-\u003emap = NULL;\n mutex_unlock(\u0026sockmap_mutex);\n \t\t\t\t mutex_lock(\u0026sockmap_mutex);\n\t\t\t\t ...\n\t\t\t\t sock_map_prog_link_lookup(sockmap_link-\u003emap);\n\t\t\t\t mutex_unlock(\u0026sockmap_mutex);\n \u003ccontinue\u003e\n\nFix it by adding a NULL pointer check. In this specific case, it makes\nno sense to update a link which is being released.",
"id": "GHSA-rhhp-94ch-9rf5",
"modified": "2024-11-13T21:30:32Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50260"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/740be3b9a6d73336f8c7d540842d0831dc7a808b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9afe35fdda16e09d5bd3c49a68ba8c680dd678bd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHJ6-7P83-68FM
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 21:30In log service, there is a missing permission check. This could lead to local denial of service in log service.
{
"affected": [],
"aliases": [
"CVE-2022-47359"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In log service, there is a missing permission check. This could lead to local denial of service in log service.",
"id": "GHSA-rhj6-7p83-68fm",
"modified": "2023-02-21T21:30:19Z",
"published": "2023-02-12T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47359"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHJQ-JCF3-F32G
Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
{
"affected": [],
"aliases": [
"CVE-2018-13093"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-03T10:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode-\u003ei_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.",
"id": "GHSA-rhjq-jcf3-f32g",
"modified": "2022-05-14T00:55:05Z",
"published": "2022-05-14T00:55:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13093"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199367"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next\u0026id=afca6c5b2595fc44383919fba740c194b0b76aff"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4094-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHM9-MP58-V656
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-04-19 18:31Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-35075"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T11:15:00Z",
"severity": "HIGH"
},
"details": "Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-rhm9-mp58-v656",
"modified": "2023-04-19T18:31:05Z",
"published": "2022-02-12T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35075"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHW2-X7MX-CP6J
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.
{
"affected": [],
"aliases": [
"CVE-2021-33445"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.",
"id": "GHSA-rhw2-x7mx-cp6j",
"modified": "2022-07-29T00:00:25Z",
"published": "2022-07-27T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33445"
},
{
"type": "WEB",
"url": "https://github.com/cesanta/mjs/issues/169"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHW8-Q53W-FWW5
Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2024-09-12 18:31In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
{
"affected": [],
"aliases": [
"CVE-2018-19882"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-06T00:29:00Z",
"severity": "MODERATE"
},
"details": "In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.",
"id": "GHSA-rhw8-q53w-fww5",
"modified": "2024-09-12T18:31:38Z",
"published": "2022-05-14T01:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19882"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700342"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE"
},
{
"type": "WEB",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?a7f7d91cdff8d303c11d458fa8b802776f73c8cc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHX3-FG8P-F9M4
Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-01-29 15:30Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.
Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.
As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.
The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.
The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2025-15468"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T16:16:14Z",
"severity": "MODERATE"
},
"details": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"id": "GHSA-rhx3-fg8p-f9m4",
"modified": "2026-01-29T15:30:27Z",
"published": "2026-01-27T18:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHX5-38HR-WVR9
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-05-05 21:31In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs while DAMON is running, causing NULL pointer dereferences.
In more detail, the issue can be triggered by privileged users like below.
First, start DAMON and make contexts directory empty (kdamond->contexts->nr == 0).
# damo start
# cd /sys/kernel/mm/damon/admin/kdamonds/0
# echo 0 > contexts/nr_contexts
Then, each of below commands will cause the NULL pointer dereference.
# echo update_schemes_stats > state
# echo update_schemes_tried_regions > state
# echo update_schemes_tried_bytes > state
# echo update_schemes_effective_quotas > state
# echo update_tuned_intervals > state
Guard all commands (except OFF) at the entry point of damon_sysfs_handle_cmd().
{
"affected": [],
"aliases": [
"CVE-2026-31458"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: check contexts-\u003enr before accessing contexts_arr[0]\n\nMultiple sysfs command paths dereference contexts_arr[0] without first\nverifying that kdamond-\u003econtexts-\u003enr == 1. A user can set nr_contexts to\n0 via sysfs while DAMON is running, causing NULL pointer dereferences.\n\nIn more detail, the issue can be triggered by privileged users like\nbelow.\n\nFirst, start DAMON and make contexts directory empty\n(kdamond-\u003econtexts-\u003enr == 0).\n\n # damo start\n # cd /sys/kernel/mm/damon/admin/kdamonds/0\n # echo 0 \u003e contexts/nr_contexts\n\nThen, each of below commands will cause the NULL pointer dereference.\n\n # echo update_schemes_stats \u003e state\n # echo update_schemes_tried_regions \u003e state\n # echo update_schemes_tried_bytes \u003e state\n # echo update_schemes_effective_quotas \u003e state\n # echo update_tuned_intervals \u003e state\n\nGuard all commands (except OFF) at the entry point of\ndamon_sysfs_handle_cmd().",
"id": "GHSA-rhx5-38hr-wvr9",
"modified": "2026-05-05T21:31:16Z",
"published": "2026-04-22T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31458"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bfe9fb5ed2667fb075682408b776b5273162615"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e8da792672481d603fa7cd0d815577220a3ee27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/708033c231bd782858f4ddbb46ee874a5a5fbdab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aba546061341b56e9ffb37e1eb661a3628b6ec12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bbe03ad3fb9e714191757ca7b41582f930be7be2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJ3X-QP7V-5VP5
Vulnerability from github – Published: 2025-10-27 03:30 – Updated: 2025-11-05 00:31A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-12206"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T03:15:49Z",
"severity": "MODERATE"
},
"details": "A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-rj3x-qp7v-5vp5",
"modified": "2025-11-05T00:31:30Z",
"published": "2025-10-27T03:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12206"
},
{
"type": "WEB",
"url": "https://shimo.im/docs/aBAYMVMB2jUP9jAj"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.329876"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.329876"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.673240"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/10/27/8"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/11/02/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.