CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-V4H5-8WCV-2MQ2
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.
{
"affected": [],
"aliases": [
"CVE-2022-32201"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:16:00Z",
"severity": "MODERATE"
},
"details": "In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.",
"id": "GHSA-v4h5-8wcv-2mq2",
"modified": "2022-06-11T00:00:28Z",
"published": "2022-06-03T00:01:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32201"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/73"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/commit/ea6315164b1649ff932a396b7600eac4bffcfaba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4MP-339H-9W7F
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2018-16517"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-06T23:29:00Z",
"severity": "MODERATE"
},
"details": "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.",
"id": "GHSA-v4mp-339h-9w7f",
"modified": "2022-05-13T01:13:42Z",
"published": "2022-05-13T01:13:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16517"
},
{
"type": "WEB",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392513"
},
{
"type": "WEB",
"url": "https://fakhrizulkifli.github.io/CVE-2018-16517.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46726"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4PR-W75G-WFRF
Vulnerability from github – Published: 2026-03-06 18:31 – Updated: 2026-03-19 15:31GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-69651"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-06T18:16:16Z",
"severity": "MODERATE"
},
"details": "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.",
"id": "GHSA-v4pr-w75g-wfrf",
"modified": "2026-03-19T15:31:10Z",
"published": "2026-03-06T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69651"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33698"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33700"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=81e90cf63a10ad11772c2437c8f2a88f1a00c739"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ea4bc025abdba85a90e26e13f551c16a44bfa92"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4V7-F2QJ-8939
Vulnerability from github – Published: 2022-03-22 00:00 – Updated: 2022-03-29 00:01The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2021-45117"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-21T15:15:00Z",
"severity": "MODERATE"
},
"details": "The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.",
"id": "GHSA-v4v7-f2qj-8939",
"modified": "2022-03-29T00:01:27Z",
"published": "2022-03-22T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45117"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf"
},
{
"type": "WEB",
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=qv-RBdCaV4k"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4VV-7V49-M3WG
Vulnerability from github – Published: 2024-09-13 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Make ICC_SGI_EL1 undef in the absence of a vGICv3
On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_SGI_EL1 registers is trapped to EL2.
We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?).
The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception.
{
"affected": [],
"aliases": [
"CVE-2024-46707"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-13T07:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn\u0027t been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.",
"id": "GHSA-v4vv-7v49-m3wg",
"modified": "2025-11-04T00:31:25Z",
"published": "2024-09-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46707"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2073132f6ed3079369e857a8deb33d11bdd983bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e6245ebe7ef341639e9a7e402b3ade8ad45a19f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94d4fbad01b19ec5eab3d6b50aaec4f9db8b2d8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96b076e8ee5bc3a1126848c8add0f74bd30dc9d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d7629bec5c3f80bd0e3bf8103c06a2f7046bd92"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4X5-CCFV-7685
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:42An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
{
"affected": [],
"aliases": [
"CVE-2019-12218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-20T17:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.",
"id": "GHSA-v4x5-ccfv-7685",
"modified": "2024-04-04T00:42:47Z",
"published": "2022-05-24T16:46:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12218"
},
{
"type": "WEB",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4620"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4238-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V524-RC9G-RQ8G
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33In the Linux kernel, the following vulnerability has been resolved:
remoteproc: xlnx: Only access buffer information if IPI is buffered
In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing.
{
"affected": [],
"aliases": [
"CVE-2026-46016"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: xlnx: Only access buffer information if IPI is buffered\n\nIn the receive callback check if message is NULL to prevent\npossibility of crash by NULL pointer dereferencing.",
"id": "GHSA-v524-rc9g-rq8g",
"modified": "2026-06-16T15:33:41Z",
"published": "2026-05-27T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46016"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06d0bed2552fd0dae27d374d4492a2b672e24eed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38dd6ccfdfbbe865569a52fe1ba9fa1478f672e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d1451cb2cf6f3d9884d76035a1460aa9bb4b053"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ddbf21116770b7011f2bb0a6056b7604b24c497"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8242579859a78c801bb626e9aa4823aca93e28e7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V537-5483-5JM6
Vulnerability from github – Published: 2025-05-08 00:31 – Updated: 2025-05-08 00:31When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2025-41414"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T22:15:20Z",
"severity": "HIGH"
},
"details": "When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.\u00a0\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-v537-5483-5jm6",
"modified": "2025-05-08T00:31:12Z",
"published": "2025-05-08T00:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41414"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000140968"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-V547-M6PG-PF7W
Vulnerability from github – Published: 2026-05-07 06:31 – Updated: 2026-05-07 06:31An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads the first element on each stage’s input pipeline array without first verifying that the array is non-empty. Supplying an empty pipeline causes a null pointer dereference and crashes the server.
This issue affects MongoDB Server 8.2 versions prior to 8.2.7.
{
"affected": [],
"aliases": [
"CVE-2026-8063"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T06:16:05Z",
"severity": "HIGH"
},
"details": "An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.\n\nWhen resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads the first element on each stage\u2019s input pipeline array without first verifying that the array is non-empty. Supplying an empty pipeline causes a null pointer dereference and crashes the server.\n\nThis issue affects MongoDB Server 8.2 versions\u00a0prior to 8.2.7.",
"id": "GHSA-v547-m6pg-pf7w",
"modified": "2026-05-07T06:31:43Z",
"published": "2026-05-07T06:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8063"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-121851"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-V55H-FMCQ-HV7V
Vulnerability from github – Published: 2024-12-27 12:30 – Updated: 2024-12-27 12:30There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.
{
"affected": [],
"aliases": [
"CVE-2020-9085"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:12Z",
"severity": "MODERATE"
},
"details": "There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.",
"id": "GHSA-v55h-fmcq-hv7v",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9085"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.