Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6299 vulnerabilities reference this CWE, most recent first.

GHSA-F2H5-VM63-V6J2

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00
VLAI
Details

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.",
  "id": "GHSA-f2h5-vm63-v6j2",
  "modified": "2022-07-29T00:00:34Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/170"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2H7-8QHX-58QW

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.",
  "id": "GHSA-f2h7-8qhx-58qw",
  "modified": "2022-05-24T17:44:31Z",
  "published": "2022-05-24T17:44:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28361"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spdk/spdk/releases/tag/v21.01.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F2H7-P6GX-HH2P

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-15T22:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.",
  "id": "GHSA-f2h7-p6gx-hh2p",
  "modified": "2022-05-13T01:31:53Z",
  "published": "2022-05-13T01:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7497"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104190"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2JJ-RMRG-9RJX

Vulnerability from github – Published: 2024-08-26 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Add error handling to pair_device()

hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash.

Fixed by adding error handling in the function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T08:15:03Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.",
  "id": "GHSA-f2jj-rmrg-9rjx",
  "modified": "2025-11-04T00:31:17Z",
  "published": "2024-08-26T09:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43884"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2WC-6G38-9VMC

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: add NULL check in eswitch lag check

The function ice_lag_is_switchdev_running() is being called from outside of the LAG event handler code. This results in the lag->upper_netdev being NULL sometimes. To avoid a NULL-pointer dereference, there needs to be a check before it is dereferenced.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T12:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add NULL check in eswitch lag check\n\nThe function ice_lag_is_switchdev_running() is being called from outside of\nthe LAG event handler code.  This results in the lag-\u003eupper_netdev being\nNULL sometimes.  To avoid a NULL-pointer dereference, there needs to be a\ncheck before it is dereferenced.",
  "id": "GHSA-f2wc-6g38-9vmc",
  "modified": "2025-11-18T18:32:48Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38526"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b64eac5c6f0c85177"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27591d926191e42b2332e4bad3bcd3a49def393b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ce58b01ada408b372f15b7c992ed0519840e3cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a5d64f0eec82076b2c09fee2195d640cfbe3379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F329-HQH6-8QMX

Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-21 19:01
VLAI
Details

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having \"S\" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.",
  "id": "GHSA-f329-hqh6-8qmx",
  "modified": "2022-10-21T19:01:13Z",
  "published": "2022-10-18T12:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22233"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69887"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F32X-JVJJ-MWJ4

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.",
  "id": "GHSA-f32x-jvjj-mwj4",
  "modified": "2022-05-24T19:10:23Z",
  "published": "2022-05-24T19:10:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38208"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F33W-26QX-6HVM

Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table

The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

In practice this should never happen as this code only gets called on polaris chips and the vbios data table will always be present on those chips.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T16:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
  "id": "GHSA-f33w-26qx-6hvm",
  "modified": "2025-11-03T21:33:07Z",
  "published": "2025-03-06T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58052"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b97cd8a61b2b40fd73cf92a4bb2256462d22adb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2396bc91935c6da0588ce07850d07897974bd350"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/357445e28ff004d7f10967aa93ddb4bffa5c3688"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/396350adf0e5ad4bf05f01e4d79bfb82f0f6c41a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a30634a2e0f1dd3c6b39fd0f114c32893a9907a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a713ba7167c2d74c477dd7764dbbdbe3199f17f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae522ad211ec4b72eaf742b25f24b0a406afcba1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c47066ed7c8f3b320ef87fa6217a2b8b24e127cc"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F34C-FH2Q-RWH2

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: bdisp: Add missing check for create_workqueue

Add the check for the return value of the create_workqueue in order to avoid NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bdisp: Add missing check for create_workqueue\n\nAdd the check for the return value of the create_workqueue\nin order to avoid NULL pointer dereference.",
  "id": "GHSA-f34c-fh2q-rwh2",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53289"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d09ce05724cfb3f5c5136893bec95305c641875"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2371adeab717d8fe32144a84f3491a03c5838cfb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bfbe3ad371ac5349302833198df14e442622cbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4362444dca02ab44ac844feda3cf6238ef953673"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/519b0849401194745ea40f9e07513b870afc1b42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2e55481731b0e8c96f30f661e430aa884fbd354"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6a315f0b14074ac89723f55b749a557dda0ae2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eef95a2745cb91559bb03aa111c228fe38deaf64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc1aeafdf6fb0a136c2257000f0d478ee62953fe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F34V-4Q4F-PF5Q

Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2025-11-04 00:31
VLAI
Details

A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43167"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-12T13:38:35Z",
    "severity": "LOW"
  },
  "details": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",
  "id": "GHSA-f34v-4q4f-pf5q",
  "modified": "2025-11-04T00:31:11Z",
  "published": "2024-08-12T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43167"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NLnetLabs/unbound/issues/1072"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NLnetLabs/unbound/pull/1073/files"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-43167"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303456"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/08/16/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.