CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6299 vulnerabilities reference this CWE, most recent first.
GHSA-F2H5-VM63-V6J2
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33458"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-f2h5-vm63-v6j2",
"modified": "2022-07-29T00:00:34Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33458"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/170"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2H7-8QHX-58QW
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2021-28361"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-13T19:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.",
"id": "GHSA-f2h7-8qhx-58qw",
"modified": "2022-05-24T17:44:31Z",
"published": "2022-05-24T17:44:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28361"
},
{
"type": "WEB",
"url": "https://github.com/spdk/spdk/releases/tag/v21.01.1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F2H7-P6GX-HH2P
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2018-7497"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-15T22:29:00Z",
"severity": "CRITICAL"
},
"details": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.",
"id": "GHSA-f2h7-p6gx-hh2p",
"modified": "2022-05-13T01:31:53Z",
"published": "2022-05-13T01:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7497"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2JJ-RMRG-9RJX
Vulnerability from github – Published: 2024-08-26 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash.
Fixed by adding error handling in the function.
{
"affected": [],
"aliases": [
"CVE-2024-43884"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T08:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.",
"id": "GHSA-f2jj-rmrg-9rjx",
"modified": "2025-11-04T00:31:17Z",
"published": "2024-08-26T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43884"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2WC-6G38-9VMC
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
ice: add NULL check in eswitch lag check
The function ice_lag_is_switchdev_running() is being called from outside of the LAG event handler code. This results in the lag->upper_netdev being NULL sometimes. To avoid a NULL-pointer dereference, there needs to be a check before it is dereferenced.
{
"affected": [],
"aliases": [
"CVE-2025-38526"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T12:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: add NULL check in eswitch lag check\n\nThe function ice_lag_is_switchdev_running() is being called from outside of\nthe LAG event handler code. This results in the lag-\u003eupper_netdev being\nNULL sometimes. To avoid a NULL-pointer dereference, there needs to be a\ncheck before it is dereferenced.",
"id": "GHSA-f2wc-6g38-9vmc",
"modified": "2025-11-18T18:32:48Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38526"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/245917d3c5ed7c6ae720302b64eac5c6f0c85177"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27591d926191e42b2332e4bad3bcd3a49def393b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ce58b01ada408b372f15b7c992ed0519840e3cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a5d64f0eec82076b2c09fee2195d640cfbe3379"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F329-HQH6-8QMX
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-21 19:01An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.
{
"affected": [],
"aliases": [
"CVE-2022-22233"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-476",
"CWE-690"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T03:15:00Z",
"severity": "MODERATE"
},
"details": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having \"S\" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.",
"id": "GHSA-f329-hqh6-8qmx",
"modified": "2022-10-21T19:01:13Z",
"published": "2022-10-18T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22233"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA69887"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F32X-JVJJ-MWJ4
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
{
"affected": [],
"aliases": [
"CVE-2021-38208"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-08T20:15:00Z",
"severity": "MODERATE"
},
"details": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.",
"id": "GHSA-f32x-jvjj-mwj4",
"modified": "2022-05-24T19:10:23Z",
"published": "2022-05-24T19:10:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38208"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F33W-26QX-6HVM
Vulnerability from github – Published: 2025-03-06 18:31 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
In practice this should never happen as this code only gets called on polaris chips and the vbios data table will always be present on those chips.
{
"affected": [],
"aliases": [
"CVE-2024-58052"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T16:15:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"id": "GHSA-f33w-26qx-6hvm",
"modified": "2025-11-03T21:33:07Z",
"published": "2025-03-06T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58052"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b97cd8a61b2b40fd73cf92a4bb2256462d22adb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2396bc91935c6da0588ce07850d07897974bd350"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/357445e28ff004d7f10967aa93ddb4bffa5c3688"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/396350adf0e5ad4bf05f01e4d79bfb82f0f6c41a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a30634a2e0f1dd3c6b39fd0f114c32893a9907a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a713ba7167c2d74c477dd7764dbbdbe3199f17f4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae522ad211ec4b72eaf742b25f24b0a406afcba1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c47066ed7c8f3b320ef87fa6217a2b8b24e127cc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F34C-FH2Q-RWH2
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30In the Linux kernel, the following vulnerability has been resolved:
media: bdisp: Add missing check for create_workqueue
Add the check for the return value of the create_workqueue in order to avoid NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-53289"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T08:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bdisp: Add missing check for create_workqueue\n\nAdd the check for the return value of the create_workqueue\nin order to avoid NULL pointer dereference.",
"id": "GHSA-f34c-fh2q-rwh2",
"modified": "2025-12-03T18:30:20Z",
"published": "2025-09-16T15:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53289"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d09ce05724cfb3f5c5136893bec95305c641875"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2371adeab717d8fe32144a84f3491a03c5838cfb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bfbe3ad371ac5349302833198df14e442622cbc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4362444dca02ab44ac844feda3cf6238ef953673"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/519b0849401194745ea40f9e07513b870afc1b42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2e55481731b0e8c96f30f661e430aa884fbd354"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6a315f0b14074ac89723f55b749a557dda0ae2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eef95a2745cb91559bb03aa111c228fe38deaf64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc1aeafdf6fb0a136c2257000f0d478ee62953fe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F34V-4Q4F-PF5Q
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2025-11-04 00:31A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
{
"affected": [],
"aliases": [
"CVE-2024-43167"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:35Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",
"id": "GHSA-f34v-4q4f-pf5q",
"modified": "2025-11-04T00:31:11Z",
"published": "2024-08-12T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43167"
},
{
"type": "WEB",
"url": "https://github.com/NLnetLabs/unbound/issues/1072"
},
{
"type": "WEB",
"url": "https://github.com/NLnetLabs/unbound/pull/1073/files"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-43167"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303456"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/08/16/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.