Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-9W76-GR65-HF28

Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-04-20 03:47
VLAI
Details

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-30T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.",
  "id": "GHSA-9w76-gr65-hf28",
  "modified": "2025-04-20T03:47:50Z",
  "published": "2022-05-17T00:22:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15921"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43058"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W8P-MP2M-7QP7

Vulnerability from github – Published: 2026-01-29 21:30 – Updated: 2026-02-03 18:30
VLAI
Details

A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-29T20:16:08Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.",
  "id": "GHSA-9w8p-mp2m-7qp7",
  "modified": "2026-02-03T18:30:31Z",
  "published": "2026-01-29T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63655"
    },
    {
      "type": "WEB",
      "url": "https://github.com/monkey/monkey/issues/427"
    },
    {
      "type": "WEB",
      "url": "https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W9R-VQ29-W437

Vulnerability from github – Published: 2025-01-31 12:33 – Updated: 2025-02-04 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock/bpf: return early if transport is not assigned

Some of the core functions can only be called if the transport has been assigned.

As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace:

BUG: kernel NULL pointer dereference, address: 00000000000000a0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+
RIP: 0010:vsock_connectible_has_data+0x1f/0x40
Call Trace:
 vsock_bpf_recvmsg+0xca/0x5e0
 sock_recvmsg+0xb9/0xc0
 __sys_recvfrom+0xb3/0x130
 __x64_sys_recvfrom+0x20/0x30
 do_syscall_64+0x93/0x180
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

So we need to check the vsk->transport in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T12:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n    BUG: kernel NULL pointer dereference, address: 00000000000000a0\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n    PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n    Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n    RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n    Call Trace:\n     vsock_bpf_recvmsg+0xca/0x5e0\n     sock_recvmsg+0xb9/0xc0\n     __sys_recvfrom+0xb3/0x130\n     __x64_sys_recvfrom+0x20/0x30\n     do_syscall_64+0x93/0x180\n     entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
  "id": "GHSA-9w9r-vq29-w437",
  "modified": "2025-02-04T18:30:47Z",
  "published": "2025-01-31T12:33:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21670"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58e586c30d0b6f5dc0174a41026f2b0a48c9aab6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6771e1279dadf1d92a72e1465134257d9e6f2459"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6abafcd32f9cfc4b1a2f820ecea70773e26d423"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WHJ-PM33-MF3J

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57
VLAI
Details

The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-24T04:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.",
  "id": "GHSA-9whj-pm33-mf3j",
  "modified": "2022-05-17T02:57:09Z",
  "published": "2022-05-17T02:57:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radare/radare2/issues/6816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96433"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WM3-5VV7-J93J

Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2025-04-12 13:04
VLAI
Details

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-26T19:59:00Z",
    "severity": "HIGH"
  },
  "details": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.",
  "id": "GHSA-9wm3-5vv7-j93j",
  "modified": "2025-04-12T13:04:48Z",
  "published": "2022-05-14T03:14:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7052"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa132"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-16"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20160926.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-16"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-19"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2016-20"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93171"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036885"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WM5-V97C-MV82

Vulnerability from github – Published: 2024-07-16 12:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: lock against ->sock changing during sysfs read

->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against -\u003esock changing during sysfs read\n\n-\u003esock can be set to NULL asynchronously unless -\u003erecv_mutex is held.\nSo it is important to hold that mutex.  Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.",
  "id": "GHSA-9wm5-v97c-mv82",
  "modified": "2026-06-01T18:31:18Z",
  "published": "2024-07-16T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48816"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdc42287ae3f8a35cc2098307f52d7864b4bc8ed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WPF-WH66-2MMP

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-09T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.",
  "id": "GHSA-9wpf-wh66-2mmp",
  "modified": "2022-05-13T01:10:29Z",
  "published": "2022-05-13T01:10:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/1119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3785-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WQ2-QRHF-FMM4

Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!

Otherwise already existing connections try to use smb_direct_wq as a NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()\n\nWe can\u0027t call destroy_workqueue(smb_direct_wq); before stop_sessions()!\n\nOtherwise already existing connections try to use smb_direct_wq as\na NULL pointer.",
  "id": "GHSA-9wq2-qrhf-fmm4",
  "modified": "2026-05-12T15:31:04Z",
  "published": "2025-09-05T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39692"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/003e6a3150299f681f34cb189aa068018cef6a45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/212eb86f75b4d7b82f3d94aed95ba61103bccb93"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/524e90e58a267dad11e23351d9e4b1f941490976"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bac7b996d42e458a94578f4227795a0d4deef6fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e41e33400516702427603f8fbbec43c91ede09c0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WQ5-2P9C-Q5W5

Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00
VLAI
Details

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-23T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.",
  "id": "GHSA-9wq5-2p9c-q5w5",
  "modified": "2022-07-28T00:00:48Z",
  "published": "2022-07-24T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1130"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1142269"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WWX-4J35-8876

Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 15:31
VLAI
Details

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP Uplink NAS Transport packet missing an expected MME_UE_S1AP_ID field.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T23:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.",
  "id": "GHSA-9wwx-4j35-8876",
  "modified": "2025-01-23T15:31:05Z",
  "published": "2025-01-22T00:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37038"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.