CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-FH5C-W77M-VMMM
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2026-05-12 12:32In the Linux kernel, the following vulnerability has been resolved:
iommu: Return right value in iommu_sva_bind_device()
iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer.
In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all.
{
"affected": [],
"aliases": [
"CVE-2024-40945"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all.",
"id": "GHSA-fh5c-w77m-vmmm",
"modified": "2026-05-12T12:32:02Z",
"published": "2024-07-12T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40945"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH5R-24QV-66R9
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add list empty check to avoid null pointer issue
Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe()
{
"affected": [],
"aliases": [
"CVE-2024-49904"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add list empty check to avoid null pointer issue\n\nAdd list empty check to avoid null pointer issues in some corner cases.\n- list_for_each_entry_safe()",
"id": "GHSA-fh5r-24qv-66r9",
"modified": "2024-10-25T18:30:47Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4416377ae1fdc41a90b665943152ccd7ff61d3c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ec731ef47f1dba34daad3e51a93de793f9319ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e87763946f708063d7e5303339598abbb8c5aac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHFW-5P8C-4CXR
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2024-04-22 18:30A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
{
"affected": [],
"aliases": [
"CVE-2020-14323"
],
"database_specific": {
"cwe_ids": [
"CWE-170",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-29T20:15:00Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference flaw was found in samba\u0027s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.",
"id": "GHSA-fhfw-5p8c-4cxr",
"modified": "2024-04-22T18:30:47Z",
"published": "2022-05-24T17:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14323"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-24"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201103-0001"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2020-14323.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHJP-7GR5-7MH5
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
We have to make sure that the info returned by the helper is valid before using it.
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
{
"affected": [],
"aliases": [
"CVE-2023-53066"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.",
"id": "GHSA-fhjp-7gr5-7mh5",
"modified": "2025-11-12T21:31:00Z",
"published": "2025-05-02T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53066"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHP4-PR5J-46M5
Vulnerability from github – Published: 2026-06-26 20:55 – Updated: 2026-06-26 20:55Summary
A NULL pointer dereference vulnerability exists in PDFParser::CreateFilterForStream() when processing a PDF stream with /Filter /LZWDecode and a /DecodeParms dictionary that does not contain the EarlyChange key. This causes an access violation (0xC0000005) and crashes the process.
Affected Version
muhammara <= 6.0.4 (latest)
Vulnerability Details
File: src/deps/PDFWriter/PDFParser.cpp line 2107
if (inDecodeParams)
{
PDFObjectCastPtr<PDFInteger> earlyObj(
QueryDictionaryObject(inDecodeParams, "EarlyChange")
);
early = earlyObj->GetValue(); // NULL dereference when EarlyChange key is absent
}
When inDecodeParams is non-NULL but lacks the EarlyChange key:
1. QueryDictionaryObject() returns NULL
2. PDFObjectCastPtr<PDFInteger>(NULL) wraps NULL
3. earlyObj->GetValue() dereferences NULL → crash
PoC
460-byte malicious PDF triggers crash via startReadingFromStream():
- PDF contains
/Filter /LZWDecodewith/DecodeParms << >>(empty, no EarlyChange) - Exit code:
0xC0000005(Access Violation)
Fix
if (earlyObj)
early = earlyObj->GetValue();
Impact
Any application accepting untrusted PDFs and using muhammara to read stream contents is vulnerable to DoS.
Similar to: CVE-2022-41957, CVE-2022-39381
PoC File
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.4"
},
"package": {
"ecosystem": "npm",
"name": "muhammara"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T20:55:18Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nA NULL pointer dereference vulnerability exists in `PDFParser::CreateFilterForStream()` when processing a PDF stream with `/Filter /LZWDecode` and a `/DecodeParms` dictionary that does not contain the `EarlyChange` key. This causes an access violation (0xC0000005) and crashes the process.\n\n## Affected Version\n\nmuhammara \u003c= 6.0.4 (latest)\n\n## Vulnerability Details\n\n**File:** `src/deps/PDFWriter/PDFParser.cpp` line 2107\n\n```cpp\nif (inDecodeParams)\n{\n PDFObjectCastPtr\u003cPDFInteger\u003e earlyObj(\n QueryDictionaryObject(inDecodeParams, \"EarlyChange\")\n );\n early = earlyObj-\u003eGetValue(); // NULL dereference when EarlyChange key is absent\n}\n```\n\nWhen `inDecodeParams` is non-NULL but lacks the `EarlyChange` key:\n1. `QueryDictionaryObject()` returns NULL\n2. `PDFObjectCastPtr\u003cPDFInteger\u003e(NULL)` wraps NULL\n3. `earlyObj-\u003eGetValue()` dereferences NULL \u2192 crash\n\n## PoC\n\n460-byte malicious PDF triggers crash via `startReadingFromStream()`:\n\n- PDF contains `/Filter /LZWDecode` with `/DecodeParms \u003c\u003c \u003e\u003e` (empty, no EarlyChange)\n- Exit code: `0xC0000005` (Access Violation)\n\n## Fix\n\n```cpp\nif (earlyObj)\n early = earlyObj-\u003eGetValue();\n```\n\n## Impact\n\nAny application accepting untrusted PDFs and using muhammara to read stream contents is vulnerable to DoS.\n\nSimilar to: CVE-2022-41957, CVE-2022-39381\n\n## PoC File\n[poc_muhammara_lzw_null.js](https://github.com/user-attachments/files/27186113/poc_muhammara_lzw_null.js)",
"id": "GHSA-fhp4-pr5j-46m5",
"modified": "2026-06-26T20:55:18Z",
"published": "2026-06-26T20:55:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-fhp4-pr5j-46m5"
},
{
"type": "WEB",
"url": "https://github.com/julianhille/MuhammaraJS/commit/a98c07780241353334eb65bfca1df025f14be70b"
},
{
"type": "PACKAGE",
"url": "https://github.com/julianhille/MuhammaraJS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key"
}
GHSA-FHQ8-PVX2-R42X
Vulnerability from github – Published: 2025-04-08 21:31 – Updated: 2025-04-08 21:31Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30300"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T19:15:50Z",
"severity": "MODERATE"
},
"details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-fhq8-pvx2-r42x",
"modified": "2025-04-08T21:31:39Z",
"published": "2025-04-08T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30300"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb25-33.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHQ9-4R6P-RFM7
Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2025-05-22 21:30The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
{
"affected": [],
"aliases": [
"CVE-2021-39988"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T22:15:00Z",
"severity": "HIGH"
},
"details": "The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.",
"id": "GHSA-fhq9-4r6p-rfm7",
"modified": "2025-05-22T21:30:33Z",
"published": "2022-01-04T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39988"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHX3-MXF6-JXPV
Vulnerability from github – Published: 2024-04-09 00:30 – Updated: 2026-07-05 15:30ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).
{
"affected": [],
"aliases": [
"CVE-2024-23081"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T23:15:07Z",
"severity": "LOW"
},
"details": "ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).",
"id": "GHSA-fhx3-mxf6-jxpv",
"modified": "2026-07-05T15:30:26Z",
"published": "2024-04-09T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081"
},
{
"type": "WEB",
"url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3"
},
{
"type": "WEB",
"url": "https://github.com/ThreeTen/threetenbp"
},
{
"type": "WEB",
"url": "http://threeten.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FJ5P-97V6-XC59
Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
{
"affected": [],
"aliases": [
"CVE-2018-17432"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-24T14:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
"id": "GHSA-fj5p-97v6-xc59",
"modified": "2022-05-14T02:00:08Z",
"published": "2022-05-14T02:00:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17432"
},
{
"type": "WEB",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJ5W-H5XF-6HCH
Vulnerability from github – Published: 2022-05-17 02:47 – Updated: 2025-04-20 03:35illumos smbsrv NULL pointer dereference allows system crash.
{
"affected": [],
"aliases": [
"CVE-2016-6561"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-31T19:59:00Z",
"severity": "HIGH"
},
"details": "illumos smbsrv NULL pointer dereference allows system crash.",
"id": "GHSA-fj5w-h5xf-6hch",
"modified": "2025-04-20T03:35:04Z",
"published": "2022-05-17T02:47:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6561"
},
{
"type": "WEB",
"url": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799"
},
{
"type": "WEB",
"url": "https://www.illumos.org/issues/7483"
},
{
"type": "WEB",
"url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98079"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.