CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-94CV-F96H-HXFX
Vulnerability from github – Published: 2024-07-31 06:30 – Updated: 2025-09-30 12:30A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
{
"affected": [],
"aliases": [
"CVE-2024-39948"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-31T04:15:05Z",
"severity": "HIGH"
},
"details": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.",
"id": "GHSA-94cv-f96h-hxfx",
"modified": "2025-09-30T12:30:51Z",
"published": "2024-07-31T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39948"
},
{
"type": "WEB",
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-94FG-6W87-3R57
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1935"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-09T08:15:00Z",
"severity": "MODERATE"
},
"details": "Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-94fg-6w87-3r57",
"modified": "2022-05-24T19:14:05Z",
"published": "2022-05-24T19:14:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1935"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-94M9-VHC7-HV4Q
Vulnerability from github – Published: 2026-03-17 15:36 – Updated: 2026-03-27 09:31NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
{
"affected": [],
"aliases": [
"CVE-2025-13406"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T15:16:15Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.",
"id": "GHSA-94m9-vhc7-hv4q",
"modified": "2026-03-27T09:31:17Z",
"published": "2026-03-17T15:36:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13406"
},
{
"type": "WEB",
"url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
},
{
"type": "WEB",
"url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-94MM-G2MV-8P7R
Vulnerability from github – Published: 2023-03-24 21:54 – Updated: 2023-03-30 16:59Impact
The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.
import tensorflow as tf
v = tf.Variable(1)
@tf.function(jit_compile=True)
def test():
func = tf.raw_ops.LookupTableImportV2
para={'table_handle': v.handle,'keys': [62.98910140991211, 94.36528015136719], 'values': -919}
y = func(**para)
return y
print(test())
Patches
We have patched the issue in GitHub commit 980b22536abcbbe1b4a5642fc940af33d8c19b69.
The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by r3pwnx of 360 AIVul Team
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25672"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-24T21:54:55Z",
"nvd_published_at": "2023-03-25T00:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE.\n\n```python\nimport tensorflow as tf\n\nv = tf.Variable(1)\n\n@tf.function(jit_compile=True)\ndef test():\n func = tf.raw_ops.LookupTableImportV2\n para={\u0027table_handle\u0027: v.handle,\u0027keys\u0027: [62.98910140991211, 94.36528015136719], \u0027values\u0027: -919}\n\n y = func(**para)\n return y\n\nprint(test())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [980b22536abcbbe1b4a5642fc940af33d8c19b69](https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n",
"id": "GHSA-94mm-g2mv-8p7r",
"modified": "2023-03-30T16:59:14Z",
"published": "2023-03-24T21:54:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow has Null Pointer Error in LookupTableImportV2"
}
GHSA-94QH-V8FX-3F78
Vulnerability from github – Published: 2024-03-21 03:36 – Updated: 2024-08-05 21:31In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash
{
"affected": [],
"aliases": [
"CVE-2024-28286"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-21T02:52:24Z",
"severity": "HIGH"
},
"details": "In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash",
"id": "GHSA-94qh-v8fx-3f78",
"modified": "2024-08-05T21:31:19Z",
"published": "2024-03-21T03:36:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28286"
},
{
"type": "WEB",
"url": "https://github.com/mz-automation/libiec61850/issues/496"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-94QW-585X-W26P
Vulnerability from github – Published: 2025-09-06 21:30 – Updated: 2025-09-06 21:30A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.
{
"affected": [],
"aliases": [
"CVE-2025-0009"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-06T19:15:37Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.",
"id": "GHSA-94qw-585x-w26p",
"modified": "2025-09-06T21:30:19Z",
"published": "2025-09-06T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0009"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-94RM-55CR-X675
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
{
"affected": [],
"aliases": [
"CVE-2022-29340"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T13:15:00Z",
"severity": "HIGH"
},
"details": "GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.",
"id": "GHSA-94rm-55cr-x675",
"modified": "2022-05-14T00:01:20Z",
"published": "2022-05-06T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29340"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2163"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-953J-P37P-R755
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-02-26 21:31In the Linux kernel, the following vulnerability has been resolved:
libceph: make free_choose_arg_map() resilient to partial allocation
free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation.
For example, in decode_choose_args(), if allocation of arg_map->args fails, execution jumps to the fail label and free_choose_arg_map() is called. Since arg_map->size is updated to a non-zero value before memory allocation, free_choose_arg_map() will iterate over arg_map->args and dereference a NULL pointer.
To prevent this potential NULL pointer dereference and make free_choose_arg_map() more resilient, add checks for pointers before iterating.
{
"affected": [],
"aliases": [
"CVE-2026-22991"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T16:15:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make free_choose_arg_map() resilient to partial allocation\n\nfree_choose_arg_map() may dereference a NULL pointer if its caller fails\nafter a partial allocation.\n\nFor example, in decode_choose_args(), if allocation of arg_map-\u003eargs\nfails, execution jumps to the fail label and free_choose_arg_map() is\ncalled. Since arg_map-\u003esize is updated to a non-zero value before memory\nallocation, free_choose_arg_map() will iterate over arg_map-\u003eargs and\ndereference a NULL pointer.\n\nTo prevent this potential NULL pointer dereference and make\nfree_choose_arg_map() more resilient, add checks for pointers before\niterating.",
"id": "GHSA-953j-p37p-r755",
"modified": "2026-02-26T21:31:27Z",
"published": "2026-01-23T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22991"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-956P-F3RR-W9V3
Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
{
"affected": [],
"aliases": [
"CVE-2023-33056"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:11Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.",
"id": "GHSA-956p-f3rr-w9v3",
"modified": "2023-11-14T21:30:53Z",
"published": "2023-11-14T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33056"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9573-WPFG-J5FH
Vulnerability from github – Published: 2022-05-14 01:21 – Updated: 2025-04-20 03:34The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2017-6178"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-20T16:59:00Z",
"severity": "HIGH"
},
"details": "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.",
"id": "GHSA-9573-wpfg-j5fh",
"modified": "2025-04-20T03:34:31Z",
"published": "2022-05-14T01:21:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6178"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41542"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.