CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-CH46-RP5X-F4C7
Vulnerability from github – Published: 2022-05-14 01:53 – Updated: 2022-05-14 01:53A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-18328"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-23T14:29:00Z",
"severity": "HIGH"
},
"details": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-ch46-rp5x-f4c7",
"modified": "2022-05-14T01:53:43Z",
"published": "2022-05-14T01:53:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18328"
},
{
"type": "WEB",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"type": "WEB",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105757"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CH6F-Q6P6-GF44
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-17 15:30In the Linux kernel, the following vulnerability has been resolved:
cifs: avoid NULL pointer dereference in dbg call
cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2025-37844"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: avoid NULL pointer dereference in dbg call\n\ncifs_server_dbg() implies server to be non-NULL so\nmove call under condition to avoid NULL pointer dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-ch6f-q6p6-gf44",
"modified": "2025-11-17T15:30:30Z",
"published": "2025-05-09T09:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37844"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20048e658652e731f5cadf4a695925e570ca0ff9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c14ee6af8f1f188b668afd6d003f7516a507b08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/864ba5c651b03830f36f0906c21af05b15c1aaa6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c9000cb91b986eb7f75835340c67857ab97c09b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2a1833e1c63e2585867ebeaf4dd41494dcede4b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4885bd5935bb26f0a414ad55679a372e53f9b9b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba3ce6c60cd5db258687dfeba9fc608f5e7cadf3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0717385f5c51e290c2cd2ad4699a778316b5132"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHF9-635W-G4PV
Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
hwmon: (asus-ec-sensors) Add checks for devm_kcalloc
As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference.
{
"affected": [],
"aliases": [
"CVE-2022-49009"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T20:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference.",
"id": "GHSA-chf9-635w-g4pv",
"modified": "2024-10-24T21:31:02Z",
"published": "2024-10-21T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49009"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9bdc112be727cf1ba65be79541147f960c3349d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a41ec58ac352fd176d5808af847663dc890f6053"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHGX-P85H-VXJM
Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \.\Viragtlt.
{
"affected": [],
"aliases": [
"CVE-2017-17050"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-29T03:29:00Z",
"severity": "HIGH"
},
"details": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\\\.\\Viragtlt.",
"id": "GHSA-chgx-p85h-vxjm",
"modified": "2022-05-17T00:14:14Z",
"published": "2022-05-17T00:14:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17050"
},
{
"type": "WEB",
"url": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHH7-MCMF-F654
Vulnerability from github – Published: 2025-04-23 21:30 – Updated: 2025-04-23 21:30A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2025-32818"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-23T20:15:43Z",
"severity": "HIGH"
},
"details": "A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.",
"id": "GHSA-chh7-mcmf-f654",
"modified": "2025-04-23T21:30:36Z",
"published": "2025-04-23T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32818"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHMQ-57C3-4P7V
Vulnerability from github – Published: 2026-04-22 09:31 – Updated: 2026-07-14 00:31A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.
{
"affected": [],
"aliases": [
"CVE-2026-6845"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T09:16:27Z",
"severity": "MODERATE"
},
"details": "A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.",
"id": "GHSA-chmq-57c3-4p7v",
"modified": "2026-07-14T00:31:00Z",
"published": "2026-04-22T09:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34924"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6845"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHP6-WQP3-F3GG
Vulnerability from github – Published: 2023-01-17 21:30 – Updated: 2025-04-04 21:30A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
{
"affected": [],
"aliases": [
"CVE-2023-0122"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-17T21:15:00Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.",
"id": "GHSA-chp6-wqp3-f3gg",
"modified": "2025-04-04T21:30:44Z",
"published": "2023-01-17T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0122"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da0342a3aa0357795224e6283df86444e1117168"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230302-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/01/18/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHPQ-FR33-GP2M
Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-02-18 18:30When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-2507"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T17:21:36Z",
"severity": "HIGH"
},
"details": "When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-chpq-fr33-gp2m",
"modified": "2026-02-18T18:30:40Z",
"published": "2026-02-18T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2507"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000160003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CHQG-R7HW-QC9V
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-39520"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.",
"id": "GHSA-chqg-r7hw-qc9v",
"modified": "2022-05-24T19:15:10Z",
"published": "2022-05-24T19:15:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39520"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/34"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CHVH-R3PC-VJF8
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2018-5801"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T22:29:00Z",
"severity": "MODERATE"
},
"details": "An error within the \"LibRaw::unpack()\" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.",
"id": "GHSA-chvh-r3pc-vjf8",
"modified": "2022-05-14T01:14:36Z",
"published": "2022-05-14T01:14:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5801"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3065"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/79000"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3615-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.