CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-CHVJ-HF6V-QXXV
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-20 03:43The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
{
"affected": [],
"aliases": [
"CVE-2017-12950"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-28T19:29:00Z",
"severity": "MODERATE"
},
"details": "The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.",
"id": "GHSA-chvj-hf6v-qxxv",
"modified": "2025-04-20T03:43:57Z",
"published": "2022-05-13T01:27:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12950"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42546"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Aug/39"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHWM-VQ5F-3R66
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-5951"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"id": "GHSA-chwm-vq5f-3r66",
"modified": "2022-05-17T00:27:01Z",
"published": "2022-05-17T00:27:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5951"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697548"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-06"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3838"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98665"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHWM-XP9X-8VV7
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-15 18:30In the Linux kernel, the following vulnerability has been resolved:
tty: vcc: Add check for kstrdup() in vcc_probe()
Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-52789"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vcc: Add check for kstrdup() in vcc_probe()\n\nAdd check for the return value of kstrdup() and return the error, if it\nfails in order to avoid NULL pointer dereference.",
"id": "GHSA-chwm-xp9x-8vv7",
"modified": "2025-01-15T18:30:53Z",
"published": "2024-05-21T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52789"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CHX2-GCQ9-6MV7
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30320"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:59Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-chx2-gcq9-6mv7",
"modified": "2025-05-13T18:30:56Z",
"published": "2025-05-13T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30320"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-37.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ2J-Q546-99J2
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-03-21 03:33An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
{
"affected": [],
"aliases": [
"CVE-2019-12382"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-28T03:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",
"id": "GHSA-cj2j-q546-99j2",
"modified": "2024-03-21T03:33:40Z",
"published": "2022-05-24T16:46:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12382"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2019/5/24/843"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ5P-4F7C-6W3G
Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
{
"affected": [],
"aliases": [
"CVE-2018-1000121"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-14T18:29:00Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
"id": "GHSA-cj5p-4f7c-6w3g",
"modified": "2022-05-14T00:55:56Z",
"published": "2022-05-14T00:55:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3157"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0544"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0594"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/adv_2018-97a2.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3598-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3598-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4136"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103415"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040529"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ6G-RRGH-RX3W
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 18:32In the Linux kernel, the following vulnerability has been resolved:
vfio/cdx: Fix NULL pointer dereference in interrupt trigger path
Add validation to ensure MSI is configured before accessing cdx_irqs array in vfio_cdx_set_msi_trigger(). Without this check, userspace can trigger a NULL pointer dereference by calling VFIO_DEVICE_SET_IRQS with VFIO_IRQ_SET_DATA_BOOL or VFIO_IRQ_SET_DATA_NONE flags before ever setting up interrupts via VFIO_IRQ_SET_DATA_EVENTFD.
The vfio_cdx_msi_enable() function allocates the cdx_irqs array and sets config_msi to 1 only when called through the EVENTFD path. The trigger loop (for DATA_BOOL/DATA_NONE) assumed this had already been done, but there was no enforcement of this call ordering.
This matches the protection used in the PCI VFIO driver where vfio_pci_set_msi_trigger() checks irq_is() before the trigger loop.
{
"affected": [],
"aliases": [
"CVE-2026-46034"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/cdx: Fix NULL pointer dereference in interrupt trigger path\n\nAdd validation to ensure MSI is configured before accessing cdx_irqs\narray in vfio_cdx_set_msi_trigger(). Without this check, userspace\ncan trigger a NULL pointer dereference by calling VFIO_DEVICE_SET_IRQS\nwith VFIO_IRQ_SET_DATA_BOOL or VFIO_IRQ_SET_DATA_NONE flags before\never setting up interrupts via VFIO_IRQ_SET_DATA_EVENTFD.\n\nThe vfio_cdx_msi_enable() function allocates the cdx_irqs array and\nsets config_msi to 1 only when called through the EVENTFD path. The\ntrigger loop (for DATA_BOOL/DATA_NONE) assumed this had already been\ndone, but there was no enforcement of this call ordering.\n\nThis matches the protection used in the PCI VFIO driver where\nvfio_pci_set_msi_trigger() checks irq_is() before the trigger loop.",
"id": "GHSA-cj6g-rrgh-rx3w",
"modified": "2026-06-16T18:32:28Z",
"published": "2026-05-27T15:33:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46034"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/338a736aaf15e8ba3635ce20b29af5b8fc15e66a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51bf7638f33aece41cb3f4cbeb942cc52950e329"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d6c349c9823eb819fed8b537b088cf38126018c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ea5880764cbb164afb17a62e76ca75dc371409d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ6W-GRF6-JQ78
Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-05-04 18:30A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
{
"affected": [],
"aliases": [
"CVE-2026-33007"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T15:16:04Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.",
"id": "GHSA-cj6w-grf6-jq78",
"modified": "2026-05-04T18:30:29Z",
"published": "2026-05-04T15:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CJ9G-WWHQ-MMWP
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
{
"affected": [],
"aliases": [
"CVE-2018-11356"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-22T21:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.",
"id": "GHSA-cj9g-wwhq-mmwp",
"modified": "2022-05-13T01:27:52Z",
"published": "2022-05-13T01:27:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11356"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-29.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104308"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJFM-HC6Q-WR8H
Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-10 18:30In the Linux kernel, the following vulnerability has been resolved:
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.
So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, clk_disable_unprepare() also needs be called.
{
"affected": [],
"aliases": [
"CVE-2022-50353"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T15:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: wmt-sdmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host(), besides, clk_disable_unprepare() also needs be called.",
"id": "GHSA-cjfm-hc6q-wr8h",
"modified": "2025-12-10T18:30:21Z",
"published": "2025-09-17T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50353"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29276d56f6ed138db0f38cd31aedc0b725c8c76c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58c3a8d0f1abeb1ca5c2df948be58ad4f7bb6f67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70b0620afab3c69d95a7e2dd7ceff162a21c4009"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9bedf64dda84b29151e41591d8ded9ff0e6d336a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b40ac3b696a9c84b36211ef0c3f5a422650c101b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7a328cea791cc2769b6417943939420913b4a46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb7a2d516d4fbd165c07877a20feccb047342b1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecd6f77af3478f5223aa4011642a891b7dc91228"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.