Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-CH46-RP5X-F4C7

Vulnerability from github – Published: 2022-05-14 01:53 – Updated: 2022-05-14 01:53
VLAI
Details

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-23T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-ch46-rp5x-f4c7",
  "modified": "2022-05-14T01:53:43Z",
  "published": "2022-05-14T01:53:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18328"
    },
    {
      "type": "WEB",
      "url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
    },
    {
      "type": "WEB",
      "url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105757"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH6F-Q6P6-GF44

Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-17 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: avoid NULL pointer dereference in dbg call

cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: avoid NULL pointer dereference in dbg call\n\ncifs_server_dbg() implies server to be non-NULL so\nmove call under condition to avoid NULL pointer dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-ch6f-q6p6-gf44",
  "modified": "2025-11-17T15:30:30Z",
  "published": "2025-05-09T09:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20048e658652e731f5cadf4a695925e570ca0ff9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c14ee6af8f1f188b668afd6d003f7516a507b08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/864ba5c651b03830f36f0906c21af05b15c1aaa6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c9000cb91b986eb7f75835340c67857ab97c09b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2a1833e1c63e2585867ebeaf4dd41494dcede4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4885bd5935bb26f0a414ad55679a372e53f9b9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba3ce6c60cd5db258687dfeba9fc608f5e7cadf3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0717385f5c51e290c2cd2ad4699a778316b5132"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHF9-635W-G4PV

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-10-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (asus-ec-sensors) Add checks for devm_kcalloc

As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference.",
  "id": "GHSA-chf9-635w-g4pv",
  "modified": "2024-10-24T21:31:02Z",
  "published": "2024-10-21T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49009"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bdc112be727cf1ba65be79541147f960c3349d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a41ec58ac352fd176d5808af847663dc890f6053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHGX-P85H-VXJM

Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14
VLAI
Details

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \.\Viragtlt.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-29T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\\\.\\Viragtlt.",
  "id": "GHSA-chgx-p85h-vxjm",
  "modified": "2022-05-17T00:14:14Z",
  "published": "2022-05-17T00:14:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17050"
    },
    {
      "type": "WEB",
      "url": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHH7-MCMF-F654

Vulnerability from github – Published: 2025-04-23 21:30 – Updated: 2025-04-23 21:30
VLAI
Details

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-23T20:15:43Z",
    "severity": "HIGH"
  },
  "details": "A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.",
  "id": "GHSA-chh7-mcmf-f654",
  "modified": "2025-04-23T21:30:36Z",
  "published": "2025-04-23T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32818"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHMQ-57C3-4P7V

Vulnerability from github – Published: 2026-04-22 09:31 – Updated: 2026-07-14 00:31
VLAI
Details

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T09:16:27Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.",
  "id": "GHSA-chmq-57c3-4p7v",
  "modified": "2026-07-14T00:31:00Z",
  "published": "2026-04-22T09:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6845"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34924"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39022"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6845"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHP6-WQP3-F3GG

Vulnerability from github – Published: 2023-01-17 21:30 – Updated: 2025-04-04 21:30
VLAI
Details

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-17T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.",
  "id": "GHSA-chp6-wqp3-f3gg",
  "modified": "2025-04-04T21:30:44Z",
  "published": "2023-01-17T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0122"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da0342a3aa0357795224e6283df86444e1117168"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230302-0002"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/01/18/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHPQ-FR33-GP2M

Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-02-18 18:30
VLAI
Details

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-18T17:21:36Z",
    "severity": "HIGH"
  },
  "details": "When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-chpq-fr33-gp2m",
  "modified": "2026-02-18T18:30:40Z",
  "published": "2026-02-18T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2507"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000160003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CHQG-R7HW-QC9V

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-chqg-r7hw-qc9v",
  "modified": "2022-05-24T19:15:10Z",
  "published": "2022-05-24T19:15:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39520"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thorfdbg/libjpeg/issues/34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CHVH-R3PC-VJF8

Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14
VLAI
Details

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An error within the \"LibRaw::unpack()\" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.",
  "id": "GHSA-chvh-r3pc-vjf8",
  "modified": "2022-05-14T01:14:36Z",
  "published": "2022-05-14T01:14:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5801"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/79000"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3615-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.