Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-CHVJ-HF6V-QXXV

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-20 03:43
VLAI
Details

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-28T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.",
  "id": "GHSA-chvj-hf6v-qxxv",
  "modified": "2025-04-20T03:43:57Z",
  "published": "2022-05-13T01:27:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12950"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42546"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Aug/39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHWM-VQ5F-3R66

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-03T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
  "id": "GHSA-chwm-vq5f-3r66",
  "modified": "2022-05-17T00:27:01Z",
  "published": "2022-05-17T00:27:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5951"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697548"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201708-06"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3838"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98665"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHWM-XP9X-8VV7

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-15 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tty: vcc: Add check for kstrdup() in vcc_probe()

Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vcc: Add check for kstrdup() in vcc_probe()\n\nAdd check for the return value of kstrdup() and return the error, if it\nfails in order to avoid NULL pointer dereference.",
  "id": "GHSA-chwm-xp9x-8vv7",
  "modified": "2025-01-15T18:30:53Z",
  "published": "2024-05-21T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52789"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CHX2-GCQ9-6MV7

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:59Z",
    "severity": "MODERATE"
  },
  "details": "InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-chx2-gcq9-6mv7",
  "modified": "2025-05-13T18:30:56Z",
  "published": "2025-05-13T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30320"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/indesign/apsb25-37.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ2J-Q546-99J2

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-03-21 03:33
VLAI
Details

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-28T03:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",
  "id": "GHSA-cj2j-q546-99j2",
  "modified": "2024-03-21T03:33:40Z",
  "published": "2022-05-24T16:46:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12382"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2019/5/24/843"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com"
    },
    {
      "type": "WEB",
      "url": "https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108474"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ5P-4F7C-6W3G

Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55
VLAI
Details

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-14T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
  "id": "GHSA-cj5p-4f7c-6w3g",
  "modified": "2022-05-14T00:55:56Z",
  "published": "2022-05-14T00:55:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3157"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3558"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0544"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0594"
    },
    {
      "type": "WEB",
      "url": "https://curl.haxx.se/docs/adv_2018-97a2.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3598-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3598-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4136"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103415"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040529"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ6G-RRGH-RX3W

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vfio/cdx: Fix NULL pointer dereference in interrupt trigger path

Add validation to ensure MSI is configured before accessing cdx_irqs array in vfio_cdx_set_msi_trigger(). Without this check, userspace can trigger a NULL pointer dereference by calling VFIO_DEVICE_SET_IRQS with VFIO_IRQ_SET_DATA_BOOL or VFIO_IRQ_SET_DATA_NONE flags before ever setting up interrupts via VFIO_IRQ_SET_DATA_EVENTFD.

The vfio_cdx_msi_enable() function allocates the cdx_irqs array and sets config_msi to 1 only when called through the EVENTFD path. The trigger loop (for DATA_BOOL/DATA_NONE) assumed this had already been done, but there was no enforcement of this call ordering.

This matches the protection used in the PCI VFIO driver where vfio_pci_set_msi_trigger() checks irq_is() before the trigger loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/cdx: Fix NULL pointer dereference in interrupt trigger path\n\nAdd validation to ensure MSI is configured before accessing cdx_irqs\narray in vfio_cdx_set_msi_trigger(). Without this check, userspace\ncan trigger a NULL pointer dereference by calling VFIO_DEVICE_SET_IRQS\nwith VFIO_IRQ_SET_DATA_BOOL or VFIO_IRQ_SET_DATA_NONE flags before\never setting up interrupts via VFIO_IRQ_SET_DATA_EVENTFD.\n\nThe vfio_cdx_msi_enable() function allocates the cdx_irqs array and\nsets config_msi to 1 only when called through the EVENTFD path. The\ntrigger loop (for DATA_BOOL/DATA_NONE) assumed this had already been\ndone, but there was no enforcement of this call ordering.\n\nThis matches the protection used in the PCI VFIO driver where\nvfio_pci_set_msi_trigger() checks irq_is() before the trigger loop.",
  "id": "GHSA-cj6g-rrgh-rx3w",
  "modified": "2026-06-16T18:32:28Z",
  "published": "2026-05-27T15:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46034"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/338a736aaf15e8ba3635ce20b29af5b8fc15e66a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51bf7638f33aece41cb3f4cbeb942cc52950e329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d6c349c9823eb819fed8b537b088cf38126018c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ea5880764cbb164afb17a62e76ca75dc371409d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ6W-GRF6-JQ78

Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-05-04 18:30
VLAI
Details

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.

Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T15:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.",
  "id": "GHSA-cj6w-grf6-jq78",
  "modified": "2026-05-04T18:30:29Z",
  "published": "2026-05-04T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/04/22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ9G-WWHQ-MMWP

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-22T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.",
  "id": "GHSA-cj9g-wwhq-mmwp",
  "modified": "2022-05-13T01:27:52Z",
  "published": "2022-05-13T01:27:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11356"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-29.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104308"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJFM-HC6Q-WR8H

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-10 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: wmt-sdmmc: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path.

So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, clk_disable_unprepare() also needs be called.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: wmt-sdmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host(), besides, clk_disable_unprepare() also needs be called.",
  "id": "GHSA-cjfm-hc6q-wr8h",
  "modified": "2025-12-10T18:30:21Z",
  "published": "2025-09-17T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50353"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29276d56f6ed138db0f38cd31aedc0b725c8c76c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58c3a8d0f1abeb1ca5c2df948be58ad4f7bb6f67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70b0620afab3c69d95a7e2dd7ceff162a21c4009"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bedf64dda84b29151e41591d8ded9ff0e6d336a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b40ac3b696a9c84b36211ef0c3f5a422650c101b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7a328cea791cc2769b6417943939420913b4a46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb7a2d516d4fbd165c07877a20feccb047342b1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ecd6f77af3478f5223aa4011642a891b7dc91228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.