Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-94CV-F96H-HXFX

Vulnerability from github – Published: 2024-07-31 06:30 – Updated: 2025-09-30 12:30
VLAI
Details

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-31T04:15:05Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.",
  "id": "GHSA-94cv-f96h-hxfx",
  "modified": "2025-09-30T12:30:51Z",
  "published": "2024-07-31T06:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39948"
    },
    {
      "type": "WEB",
      "url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94FG-6W87-3R57

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-09T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-94fg-6w87-3r57",
  "modified": "2022-05-24T19:14:05Z",
  "published": "2022-05-24T19:14:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1935"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-94M9-VHC7-HV4Q

Vulnerability from github – Published: 2026-03-17 15:36 – Updated: 2026-03-27 09:31
VLAI
Details

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-17T15:16:15Z",
    "severity": "MODERATE"
  },
  "details": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.",
  "id": "GHSA-94m9-vhc7-hv4q",
  "modified": "2026-03-27T09:31:17Z",
  "published": "2026-03-17T15:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13406"
    },
    {
      "type": "WEB",
      "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
    },
    {
      "type": "WEB",
      "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
    },
    {
      "type": "WEB",
      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
    },
    {
      "type": "WEB",
      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-94MM-G2MV-8P7R

Vulnerability from github – Published: 2023-03-24 21:54 – Updated: 2023-03-30 16:59
VLAI
Summary
TensorFlow has Null Pointer Error in LookupTableImportV2
Details

Impact

The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.

import tensorflow as tf

v = tf.Variable(1)

@tf.function(jit_compile=True)
def test():
   func = tf.raw_ops.LookupTableImportV2
   para={'table_handle': v.handle,'keys': [62.98910140991211, 94.36528015136719], 'values': -919}

   y = func(**para)
   return y

print(test())

Patches

We have patched the issue in GitHub commit 980b22536abcbbe1b4a5642fc940af33d8c19b69.

The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by r3pwnx of 360 AIVul Team

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-25672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-24T21:54:55Z",
    "nvd_published_at": "2023-03-25T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE.\n\n```python\nimport tensorflow as tf\n\nv = tf.Variable(1)\n\n@tf.function(jit_compile=True)\ndef test():\n   func = tf.raw_ops.LookupTableImportV2\n   para={\u0027table_handle\u0027: v.handle,\u0027keys\u0027: [62.98910140991211, 94.36528015136719], \u0027values\u0027: -919}\n\n   y = func(**para)\n   return y\n\nprint(test())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [980b22536abcbbe1b4a5642fc940af33d8c19b69](https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n",
  "id": "GHSA-94mm-g2mv-8p7r",
  "modified": "2023-03-30T16:59:14Z",
  "published": "2023-03-24T21:54:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TensorFlow has Null Pointer Error in LookupTableImportV2"
}

GHSA-94QH-V8FX-3F78

Vulnerability from github – Published: 2024-03-21 03:36 – Updated: 2024-08-05 21:31
VLAI
Details

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-21T02:52:24Z",
    "severity": "HIGH"
  },
  "details": "In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash",
  "id": "GHSA-94qh-v8fx-3f78",
  "modified": "2024-08-05T21:31:19Z",
  "published": "2024-03-21T03:36:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28286"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mz-automation/libiec61850/issues/496"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94QW-585X-W26P

Vulnerability from github – Published: 2025-09-06 21:30 – Updated: 2025-09-06 21:30
VLAI
Details

A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-06T19:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.",
  "id": "GHSA-94qw-585x-w26p",
  "modified": "2025-09-06T21:30:19Z",
  "published": "2025-09-06T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94RM-55CR-X675

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01
VLAI
Details

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.",
  "id": "GHSA-94rm-55cr-x675",
  "modified": "2022-05-14T00:01:20Z",
  "published": "2022-05-06T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2163"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-953J-P37P-R755

Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-02-26 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: make free_choose_arg_map() resilient to partial allocation

free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation.

For example, in decode_choose_args(), if allocation of arg_map->args fails, execution jumps to the fail label and free_choose_arg_map() is called. Since arg_map->size is updated to a non-zero value before memory allocation, free_choose_arg_map() will iterate over arg_map->args and dereference a NULL pointer.

To prevent this potential NULL pointer dereference and make free_choose_arg_map() more resilient, add checks for pointers before iterating.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T16:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make free_choose_arg_map() resilient to partial allocation\n\nfree_choose_arg_map() may dereference a NULL pointer if its caller fails\nafter a partial allocation.\n\nFor example, in decode_choose_args(), if allocation of arg_map-\u003eargs\nfails, execution jumps to the fail label and free_choose_arg_map() is\ncalled. Since arg_map-\u003esize is updated to a non-zero value before memory\nallocation, free_choose_arg_map() will iterate over arg_map-\u003eargs and\ndereference a NULL pointer.\n\nTo prevent this potential NULL pointer dereference and make\nfree_choose_arg_map() more resilient, add checks for pointers before\niterating.",
  "id": "GHSA-953j-p37p-r755",
  "modified": "2026-02-26T21:31:27Z",
  "published": "2026-01-23T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22991"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-956P-F3RR-W9V3

Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30
VLAI
Details

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T06:15:11Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.",
  "id": "GHSA-956p-f3rr-w9v3",
  "modified": "2023-11-14T21:30:53Z",
  "published": "2023-11-14T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33056"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9573-WPFG-J5FH

Vulnerability from github – Published: 2022-05-14 01:21 – Updated: 2025-04-20 03:34
VLAI
Details

The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-20T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.",
  "id": "GHSA-9573-wpfg-j5fh",
  "modified": "2025-04-20T03:34:31Z",
  "published": "2022-05-14T01:21:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6178"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41542"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.