Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-CQFM-VFH2-JPRP

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2023-02-02 18:30
VLAI
Details

A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Linux kernel\u0027s, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).",
  "id": "GHSA-cqfm-vfh2-jprp",
  "modified": "2023-02-02T18:30:55Z",
  "published": "2022-05-24T16:53:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10140"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2029"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2043"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-10140"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677778"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190905-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQG3-9QGQ-GRFJ

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tee: add overflow check in register_shm_helper()

With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region.

This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114

Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: add overflow check in register_shm_helper()\n\nWith special lengths supplied by user space, register_shm_helper() has\nan integer overflow when calculating the number of pages covered by a\nsupplied user space memory region.\n\nThis causes internal_get_user_pages_fast() a helper function of\npin_user_pages_fast() to do a NULL pointer dereference:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n  Modules linked in:\n  CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pc : internal_get_user_pages_fast+0x474/0xa80\n  Call trace:\n   internal_get_user_pages_fast+0x474/0xa80\n   pin_user_pages_fast+0x24/0x4c\n   register_shm_helper+0x194/0x330\n   tee_shm_register_user_buf+0x78/0x120\n   tee_ioctl+0xd0/0x11a0\n   __arm64_sys_ioctl+0xa8/0xec\n   invoke_syscall+0x48/0x114\n\nFix this by adding an an explicit call to access_ok() in\ntee_shm_register_user_buf() to catch an invalid user space address\nearly.",
  "id": "GHSA-cqg3-9qgq-grfj",
  "modified": "2025-11-18T03:31:13Z",
  "published": "2025-06-18T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50080"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f8e79a1a6128214cb9b205a9869341af5dfb16b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/573ae4f13f630d6660008f1974c0a8a29c30e18a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/578c349570d2a912401963783b36e0ec7a25c053"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58c008d4d398f792ca67f35650610864725518fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/965333345fe952cc7eebc8e3a565ffc709441af2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b37e0f17653c00b586cdbcdf0dbca475358ecffd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c12f0e6126ad223806a365084e86370511654bf1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQGQ-9J28-F9QM

Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-14 00:30
VLAI
Details

A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T19:17:31Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.",
  "id": "GHSA-cqgq-9j28-f9qm",
  "modified": "2026-06-14T00:30:27Z",
  "published": "2026-06-09T21:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55659"
    },
    {
      "type": "WEB",
      "url": "https://infosec.exchange/@sigdevel/116710743410087676"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/13/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQHH-H956-XVWM

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.",
  "id": "GHSA-cqhh-h956-xvwm",
  "modified": "2022-05-24T19:19:09Z",
  "published": "2022-05-24T19:19:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22459"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CQJ4-2PFX-QGMR

Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2024-07-03 18:43
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

audit: fix possible null-pointer dereference in audit_filter_rules

Fix possible null-pointer dereference in audit_filter_rules.

audit_filter_rules() error: we previously assumed 'ctx' could be null

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T07:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix possible null-pointer dereference in audit_filter_rules\n\nFix  possible null-pointer dereference in audit_filter_rules.\n\naudit_filter_rules() error: we previously assumed \u0027ctx\u0027 could be null",
  "id": "GHSA-cqj4-2pfx-qgmr",
  "modified": "2024-07-03T18:43:06Z",
  "published": "2024-05-22T09:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47464"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16802fa4c33eb1a8efb23f1e93365190e4047d05"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e9e46a700201b4c85081fd478c99c692a9aaa0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e3ee990c90494561921c756481d0e2125d8b895"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6f451f1f60c58d73038c7c3177066f8f084e2a2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQW9-V6JQ-P9XW

Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36
VLAI
Details

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-12T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.",
  "id": "GHSA-cqw9-v6jq-p9xw",
  "modified": "2022-05-17T02:36:43Z",
  "published": "2022-05-17T02:36:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9440"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/issues/22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tats/w3m/blob/master/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-08"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CR28-MCQ5-HJMG

Vulnerability from github – Published: 2023-03-12 00:30 – Updated: 2023-03-15 21:30
VLAI
Details

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.",
  "id": "GHSA-cr28-mcq5-hjmg",
  "modified": "2023-03-15T21:30:25Z",
  "published": "2023-03-12T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CR4P-CQHR-XJWP

Vulnerability from github – Published: 2025-05-08 09:30 – Updated: 2025-11-13 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq().

This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fix ufshcd_abort_one racing issue").

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T07:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()\n\nAdd a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq().\n\nThis is similar to the fix in commit 74736103fb41 (\"scsi: ufs: core: Fix\nufshcd_abort_one racing issue\").",
  "id": "GHSA-cr4p-cqhr-xjwp",
  "modified": "2025-11-13T00:30:16Z",
  "published": "2025-05-08T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37826"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08a966a917fe3d92150fa3cc15793ad5e57051eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/700128d67d57bb1de4251e563ab85202def36c50"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eeab6618037be84e438e9d6ed5d9a53502faf81f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CR59-3VCQ-RRW6

Vulnerability from github – Published: 2024-10-23 00:31 – Updated: 2024-10-23 18:33
VLAI
Details

Null Pointer Dereference in coap_client_exchange_blockwise2 function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes coap_msg_get_payload(resp) to return a null pointer, which is then dereferenced in a call to memcpy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-22T22:15:04Z",
    "severity": "MODERATE"
  },
  "details": "Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`.",
  "id": "GHSA-cr59-3vcq-rrw6",
  "modified": "2024-10-23T18:33:07Z",
  "published": "2024-10-23T00:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keith-cullen/FreeCoAP/issues/37"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CR92-52GJ-3FX9

Vulnerability from github – Published: 2025-12-15 21:30 – Updated: 2025-12-15 21:30
VLAI
Details

The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-15T19:16:05Z",
    "severity": "MODERATE"
  },
  "details": "The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin.",
  "id": "GHSA-cr92-52gj-3fx9",
  "modified": "2025-12-15T21:30:31Z",
  "published": "2025-12-15T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EddyVerbruggen/SocialSharing-PhoneGap-Plugin"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@lcrawfqrd/local-dos-via-exported-receivers-f6b1da10d3b7"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/cordova-plugin-x-socialsharing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.