CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-9W76-GR65-HF28
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-04-20 03:47In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
{
"affected": [],
"aliases": [
"CVE-2017-15921"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-30T15:29:00Z",
"severity": "HIGH"
},
"details": "In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.",
"id": "GHSA-9w76-gr65-hf28",
"modified": "2025-04-20T03:47:50Z",
"published": "2022-05-17T00:22:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15921"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43058"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9W8P-MP2M-7QP7
Vulnerability from github – Published: 2026-01-29 21:30 – Updated: 2026-02-03 18:30A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
{
"affected": [],
"aliases": [
"CVE-2025-63655"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-29T20:16:08Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.",
"id": "GHSA-9w8p-mp2m-7qp7",
"modified": "2026-02-03T18:30:31Z",
"published": "2026-01-29T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63655"
},
{
"type": "WEB",
"url": "https://github.com/monkey/monkey/issues/427"
},
{
"type": "WEB",
"url": "https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9W9R-VQ29-W437
Vulnerability from github – Published: 2025-01-31 12:33 – Updated: 2025-02-04 18:30In the Linux kernel, the following vulnerability has been resolved:
vsock/bpf: return early if transport is not assigned
Some of the core functions can only be called if the transport has been assigned.
As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace:
BUG: kernel NULL pointer dereference, address: 00000000000000a0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+
RIP: 0010:vsock_connectible_has_data+0x1f/0x40
Call Trace:
vsock_bpf_recvmsg+0xca/0x5e0
sock_recvmsg+0xb9/0xc0
__sys_recvfrom+0xb3/0x130
__x64_sys_recvfrom+0x20/0x30
do_syscall_64+0x93/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
So we need to check the vsk->transport in vsock_bpf_recvmsg(),
especially for connected sockets (stream/seqpacket) as we already
do in __vsock_connectible_recvmsg().
{
"affected": [],
"aliases": [
"CVE-2025-21670"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T12:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"id": "GHSA-9w9r-vq29-w437",
"modified": "2025-02-04T18:30:47Z",
"published": "2025-01-31T12:33:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21670"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58e586c30d0b6f5dc0174a41026f2b0a48c9aab6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6771e1279dadf1d92a72e1465134257d9e6f2459"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6abafcd32f9cfc4b1a2f820ecea70773e26d423"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WHJ-PM33-MF3J
Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
{
"affected": [],
"aliases": [
"CVE-2017-6197"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-24T04:59:00Z",
"severity": "MODERATE"
},
"details": "The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.",
"id": "GHSA-9whj-pm33-mf3j",
"modified": "2022-05-17T02:57:09Z",
"published": "2022-05-17T02:57:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6197"
},
{
"type": "WEB",
"url": "https://github.com/radare/radare2/issues/6816"
},
{
"type": "WEB",
"url": "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96433"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WM3-5VV7-J93J
Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2025-04-12 13:04crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
{
"affected": [],
"aliases": [
"CVE-2016-7052"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-26T19:59:00Z",
"severity": "HIGH"
},
"details": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.",
"id": "GHSA-9wm3-5vv7-j93j",
"modified": "2025-04-12T13:04:48Z",
"published": "2022-05-14T03:14:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7052"
},
{
"type": "WEB",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"type": "WEB",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
},
{
"type": "WEB",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20160926.txt"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93171"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WM5-V97C-MV82
Vulnerability from github – Published: 2024-07-16 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: lock against ->sock changing during sysfs read
->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window.
{
"affected": [],
"aliases": [
"CVE-2022-48816"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T12:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against -\u003esock changing during sysfs read\n\n-\u003esock can be set to NULL asynchronously unless -\u003erecv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.",
"id": "GHSA-9wm5-v97c-mv82",
"modified": "2026-06-01T18:31:18Z",
"published": "2024-07-16T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48816"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdc42287ae3f8a35cc2098307f52d7864b4bc8ed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WPF-WH66-2MMP
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2018-16749"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-09T15:29:00Z",
"severity": "MODERATE"
},
"details": "In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.",
"id": "GHSA-9wpf-wh66-2mmp",
"modified": "2022-05-13T01:10:29Z",
"published": "2022-05-13T01:10:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16749"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1119"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3785-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WQ2-QRHF-FMM4
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!
Otherwise already existing connections try to use smb_direct_wq as a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2025-39692"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T18:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()\n\nWe can\u0027t call destroy_workqueue(smb_direct_wq); before stop_sessions()!\n\nOtherwise already existing connections try to use smb_direct_wq as\na NULL pointer.",
"id": "GHSA-9wq2-qrhf-fmm4",
"modified": "2026-05-12T15:31:04Z",
"published": "2025-09-05T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39692"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/003e6a3150299f681f34cb189aa068018cef6a45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/212eb86f75b4d7b82f3d94aed95ba61103bccb93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/524e90e58a267dad11e23351d9e4b1f941490976"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bac7b996d42e458a94578f4227795a0d4deef6fa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e41e33400516702427603f8fbbec43c91ede09c0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WQ5-2P9C-Q5W5
Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
{
"affected": [],
"aliases": [
"CVE-2022-1130"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-23T00:15:00Z",
"severity": "HIGH"
},
"details": "Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.",
"id": "GHSA-9wq5-2p9c-q5w5",
"modified": "2022-07-28T00:00:48Z",
"published": "2022-07-24T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1130"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1142269"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WWX-4J35-8876
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 15:31A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP Uplink NAS Transport packet missing an expected MME_UE_S1AP_ID field.
{
"affected": [],
"aliases": [
"CVE-2023-37038"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:11Z",
"severity": "MODERATE"
},
"details": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.",
"id": "GHSA-9wwx-4j35-8876",
"modified": "2025-01-23T15:31:05Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37038"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.