Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-FFRR-6F6G-MC3R

Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-09-16 14:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data

Verify that lvts_data is not NULL before using it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T08:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.",
  "id": "GHSA-ffrr-6f6g-mc3r",
  "modified": "2024-09-16T14:37:24Z",
  "published": "2024-07-30T09:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42144"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFWX-RGQV-XV4M

Vulnerability from github – Published: 2026-01-27 18:32 – Updated: 2026-04-29 04:14
VLAI
Details

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T18:15:54Z",
    "severity": "HIGH"
  },
  "details": "The Tapo C220 v1 and C520WS v2 cameras\u2019 HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash.\u00a0An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.",
  "id": "GHSA-ffwx-rgqv-xv4m",
  "modified": "2026-04-29T04:14:07Z",
  "published": "2026-01-27T18:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0918"
    },
    {
      "type": "WEB",
      "url": "https://www.crac-learning.com/post/smart-home-security-research-cve-2026-0918-assigned"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/tapo-c220/v1"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/tapo-c520ws/v2"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/tapo-c100/v5"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/tapo-c220/v1.60"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/tapo-c520ws/v2"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/faq/4923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FFX6-JMHC-527Q

Vulnerability from github – Published: 2022-05-14 03:04 – Updated: 2022-05-14 03:04
VLAI
Details

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.",
  "id": "GHSA-ffx6-jmhc-527q",
  "modified": "2022-05-14T03:04:49Z",
  "published": "2022-05-14T03:04:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreDWG/libredwg/issues/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFXC-RWG8-QGJW

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-12-09 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check null pointer before try to access it

[why & how] Change the order of the pipe_ctx->plane_state check to ensure that plane_state is not null before accessing it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why \u0026 how]\nChange the order of the pipe_ctx-\u003eplane_state check to ensure that\nplane_state is not null before accessing it.",
  "id": "GHSA-ffxc-rwg8-qgjw",
  "modified": "2024-12-09T15:31:33Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49906"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b686053c06ffb9f4524b288110cf2a831ff7a25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2002ccb93004e76a471b180560accb2c1f850f35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebef6616219ff04abdeb39450625f85419787ee3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG2V-2X5H-36QC

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2024-04-04 02:45
VLAI
Details

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-25T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.",
  "id": "GHSA-fg2v-2x5h-36qc",
  "modified": "2024-04-04T02:45:17Z",
  "published": "2022-05-24T17:05:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19965"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200204-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4284-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4285-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4286-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4286-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4287-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG2W-R2W5-MGJW

Vulnerability from github – Published: 2024-04-03 15:30 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid-of: fix NULL-deref on failed power up

A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T15:15:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures.",
  "id": "GHSA-fg2w-r2w5-mgjw",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-04-03T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26717"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG67-2RCJ-C4J8

Vulnerability from github – Published: 2026-01-15 18:31 – Updated: 2026-01-30 21:30
VLAI
Details

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T18:16:38Z",
    "severity": "MODERATE"
  },
  "details": "A Null Pointer Dereference vulnerability exists in the referer header check of the\u00a0web portal of TP-Link TL-WR841N v14, caused by improper input validation.\u00a0 A remote, unauthenticated attacker can exploit this flaw and\u00a0cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.",
  "id": "GHSA-fg67-2rcj-c4j8",
  "modified": "2026-01-30T21:30:20Z",
  "published": "2026-01-15T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9014"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/#Firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/faq/4894"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FG75-CHCF-XJG7

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-05-22 21:30
VLAI
Details

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-25T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.",
  "id": "GHSA-fg75-chcf-xjg7",
  "modified": "2023-05-22T21:30:15Z",
  "published": "2022-05-24T16:56:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12654"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG94-XG7J-W3VF

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2024-10-22 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: set the cipher for secured NDP ranging

The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before dereferencing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: set the cipher for secured NDP ranging\n\nThe cipher pointer is not set, but is derefereced trying to set its\ncontent, which leads to a NULL pointer dereference.\nFix it by pointing to the cipher parameter before dereferencing.",
  "id": "GHSA-fg94-xg7j-w3vf",
  "modified": "2024-10-22T18:32:10Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49857"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a949075d4bbf1ca83ccdeaa6ef4ac2ce7526c5f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3322a6d6aa9bc17b395c4b38d3b97578887aa8a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FGCP-9269-XJJ7

Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2024-12-30 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: micrel: Fix potential null pointer dereference

In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may return NULL as ptp_header due to abnormal packet type or corrupted packet. Fix this bug by adding ptp_header check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-19T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: micrel: Fix potential null pointer dereference\n\nIn lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may\nreturn NULL as ptp_header due to abnormal packet type or corrupted packet.\nFix this bug by adding ptp_header check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-fgcp-9269-xjj7",
  "modified": "2024-12-30T18:30:41Z",
  "published": "2024-05-19T09:34:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35891"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.