Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-9J7P-FVVP-CP57

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24
VLAI
Details

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-29T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.",
  "id": "GHSA-9j7p-fvvp-cp57",
  "modified": "2022-05-24T17:24:39Z",
  "published": "2022-05-24T17:24:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16135"
    },
    {
      "type": "WEB",
      "url": "https://bugs.libssh.org/T232"
    },
    {
      "type": "WEB",
      "url": "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-05"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4447-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J87-4JMC-MRVG

Vulnerability from github – Published: 2024-07-16 15:30 – Updated: 2024-07-24 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vrr: Set VRR capable prop only if it is attached to connector

VRR capable property is not attached by default to the connector It is attached only if VRR is supported. So if the driver tries to call drm core set prop function without it being attached that causes NULL dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T13:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference.",
  "id": "GHSA-9j87-4jmc-mrvg",
  "modified": "2024-07-24T18:31:15Z",
  "published": "2024-07-16T15:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48843"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JCF-5W87-FMC9

Vulnerability from github – Published: 2026-03-03 18:31 – Updated: 2026-03-04 15:30
VLAI
Details

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T16:16:17Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.",
  "id": "GHSA-9jcf-5w87-fmc9",
  "modified": "2026-03-04T15:30:33Z",
  "published": "2026-03-03T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62814"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62814"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JG5-7C35-VV38

Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-10-28 18:30
VLAI
Details

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T15:16:12Z",
    "severity": "HIGH"
  },
  "details": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.",
  "id": "GHSA-9jg5-7c35-vv38",
  "modified": "2025-10-28T18:30:28Z",
  "published": "2025-10-28T15:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61103"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/issues/19471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/pull/19480"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61103.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JJ6-2JV6-4CG4

Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58
VLAI
Details

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-18T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.",
  "id": "GHSA-9jj6-2jv6-4cg4",
  "modified": "2022-05-17T01:58:37Z",
  "published": "2022-05-17T01:58:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9072"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-07-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JJH-93J4-23F2

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()

When device is running and the interface status is changed, the gpf issue is triggered. The problem triggering process is as follows: Thread A: Thread B ieee80211_runtime_change_iftype() process_one_work() ... ... ieee80211_do_stop() ... ... ... sdata->bss = NULL ... ... ieee80211_subif_start_xmit() ieee80211_multicast_to_unicast //!sdata->bss->multicast_to_unicast cause gpf issue

When the interface status is changed, the sending queue continues to send packets. After the bss is set to NULL, the bss is accessed. As a result, this causes a general-protection-fault issue.

The following is the stack information: general protection fault, probably for non-canonical address 0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f] Workqueue: mld mld_ifc_work RIP: 0010:ieee80211_subif_start_xmit+0x25b/0x1310 Call Trace: dev_hard_start_xmit+0x1be/0x990 __dev_queue_xmit+0x2c9a/0x3b60 ip6_finish_output2+0xf92/0x1520 ip6_finish_output+0x6af/0x11e0 ip6_output+0x1ed/0x540 mld_sendpack+0xa09/0xe70 mld_ifc_work+0x71c/0xdb0 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()\n\nWhen device is running and the interface status is changed, the gpf issue\nis triggered. The problem triggering process is as follows:\nThread A:                           Thread B\nieee80211_runtime_change_iftype()   process_one_work()\n    ...                                 ...\n    ieee80211_do_stop()                 ...\n    ...                                 ...\n        sdata-\u003ebss = NULL               ...\n        ...                             ieee80211_subif_start_xmit()\n                                            ieee80211_multicast_to_unicast\n                                    //!sdata-\u003ebss-\u003emulticast_to_unicast\n                                      cause gpf issue\n\nWhen the interface status is changed, the sending queue continues to send\npackets. After the bss is set to NULL, the bss is accessed. As a result,\nthis causes a general-protection-fault issue.\n\nThe following is the stack information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f]\nWorkqueue: mld mld_ifc_work\nRIP: 0010:ieee80211_subif_start_xmit+0x25b/0x1310\nCall Trace:\n\u003cTASK\u003e\ndev_hard_start_xmit+0x1be/0x990\n__dev_queue_xmit+0x2c9a/0x3b60\nip6_finish_output2+0xf92/0x1520\nip6_finish_output+0x6af/0x11e0\nip6_output+0x1ed/0x540\nmld_sendpack+0xa09/0xe70\nmld_ifc_work+0x71c/0xdb0\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n\u003c/TASK\u003e",
  "id": "GHSA-9jjh-93j4-23f2",
  "modified": "2025-05-07T15:31:25Z",
  "published": "2025-05-01T15:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49876"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03eb68c72cee249aeb7af7d04a83c033aca3d6d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/780854186946e0de2be192ee7fa5125666533b3a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JJR-XWRJ-4CFC

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32
VLAI
Details

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T19:17:12Z",
    "severity": "MODERATE"
  },
  "details": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-9jjr-xwrj-4cfc",
  "modified": "2026-03-10T21:32:14Z",
  "published": "2026-03-10T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21363"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JJW-6883-WQJH

Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rtc: mt6397: check return value after calling platform_get_resource()

It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: mt6397: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.",
  "id": "GHSA-9jjw-6883-wqjh",
  "modified": "2025-04-14T21:32:23Z",
  "published": "2025-04-14T21:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49375"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3867f0bbb94773d41e789257abec0d14f37da217"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58a729c55ce3a432eb827fdaa24c7909cd3b0a6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ecd4d5c28408df36a1a6f0b1973f633c949ac1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79fa3f5758d8712df0678df98161f948fc4370e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/82bfea344e8f7e9a0e0b1bf9af27552baa756620"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/865051de2d9eaa50630e055b73921ceaf3c4a7fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3b43eb505bffb8e4cdf6800c15660c001553fe6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d77f28c1bc9d3043a52069fe42e4a26fbf961ebd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da38e86d6cf6dd3bc65c602d998f357145aa1a0b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JM3-9X6P-8Q48

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-30T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.",
  "id": "GHSA-9jm3-9x6p-8q48",
  "modified": "2022-05-13T01:10:19Z",
  "published": "2022-05-13T01:10:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10196"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579254"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/graphviz/graphviz/issues/1367"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VR2CT3LD52GWAQUZAOSEXSYE3O7HGN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWUEEJPMS5LAROYJYY6FREOTI6VPN3M4"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3731-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JMC-924M-6JGC

Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30
VLAI
Details

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T14:15:57Z",
    "severity": "HIGH"
  },
  "details": "When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-9jmc-924m-6jgc",
  "modified": "2025-10-15T15:30:29Z",
  "published": "2025-10-15T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61960"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000156597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.