Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-FH5C-W77M-VMMM

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu: Return right value in iommu_sva_bind_device()

iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer.

In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all.",
  "id": "GHSA-fh5c-w77m-vmmm",
  "modified": "2026-05-12T12:32:02Z",
  "published": "2024-07-12T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40945"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FH5R-24QV-66R9

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add list empty check to avoid null pointer issue

Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe()

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add list empty check to avoid null pointer issue\n\nAdd list empty check to avoid null pointer issues in some corner cases.\n- list_for_each_entry_safe()",
  "id": "GHSA-fh5r-24qv-66r9",
  "modified": "2024-10-25T18:30:47Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49904"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4416377ae1fdc41a90b665943152ccd7ff61d3c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ec731ef47f1dba34daad3e51a93de793f9319ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e87763946f708063d7e5303339598abbb8c5aac"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHFW-5P8C-4CXR

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2024-04-22 18:30
VLAI
Details

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-170",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-29T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference flaw was found in samba\u0027s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.",
  "id": "GHSA-fhfw-5p8c-4cxr",
  "modified": "2024-04-22T18:30:47Z",
  "published": "2022-05-24T17:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14323"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-24"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201103-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2020-14323.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHJP-7GR5-7MH5

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info

We have to make sure that the info returned by the helper is valid before using it.

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.",
  "id": "GHSA-fhjp-7gr5-7mh5",
  "modified": "2025-11-12T21:31:00Z",
  "published": "2025-05-02T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53066"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHP4-PR5J-46M5

Vulnerability from github – Published: 2026-06-26 20:55 – Updated: 2026-06-26 20:55
VLAI
Summary
Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key
Details

Summary

A NULL pointer dereference vulnerability exists in PDFParser::CreateFilterForStream() when processing a PDF stream with /Filter /LZWDecode and a /DecodeParms dictionary that does not contain the EarlyChange key. This causes an access violation (0xC0000005) and crashes the process.

Affected Version

muhammara <= 6.0.4 (latest)

Vulnerability Details

File: src/deps/PDFWriter/PDFParser.cpp line 2107

if (inDecodeParams)
{
    PDFObjectCastPtr<PDFInteger> earlyObj(
        QueryDictionaryObject(inDecodeParams, "EarlyChange")
    );
    early = earlyObj->GetValue();  // NULL dereference when EarlyChange key is absent
}

When inDecodeParams is non-NULL but lacks the EarlyChange key: 1. QueryDictionaryObject() returns NULL 2. PDFObjectCastPtr<PDFInteger>(NULL) wraps NULL 3. earlyObj->GetValue() dereferences NULL → crash

PoC

460-byte malicious PDF triggers crash via startReadingFromStream():

  • PDF contains /Filter /LZWDecode with /DecodeParms << >> (empty, no EarlyChange)
  • Exit code: 0xC0000005 (Access Violation)

Fix

if (earlyObj)
    early = earlyObj->GetValue();

Impact

Any application accepting untrusted PDFs and using muhammara to read stream contents is vulnerable to DoS.

Similar to: CVE-2022-41957, CVE-2022-39381

PoC File

poc_muhammara_lzw_null.js

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-26T20:55:18Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nA NULL pointer dereference vulnerability exists in `PDFParser::CreateFilterForStream()` when processing a PDF stream with `/Filter /LZWDecode` and a `/DecodeParms` dictionary that does not contain the `EarlyChange` key. This causes an access violation (0xC0000005) and crashes the process.\n\n## Affected Version\n\nmuhammara \u003c= 6.0.4 (latest)\n\n## Vulnerability Details\n\n**File:** `src/deps/PDFWriter/PDFParser.cpp` line 2107\n\n```cpp\nif (inDecodeParams)\n{\n    PDFObjectCastPtr\u003cPDFInteger\u003e earlyObj(\n        QueryDictionaryObject(inDecodeParams, \"EarlyChange\")\n    );\n    early = earlyObj-\u003eGetValue();  // NULL dereference when EarlyChange key is absent\n}\n```\n\nWhen `inDecodeParams` is non-NULL but lacks the `EarlyChange` key:\n1. `QueryDictionaryObject()` returns NULL\n2. `PDFObjectCastPtr\u003cPDFInteger\u003e(NULL)` wraps NULL\n3. `earlyObj-\u003eGetValue()` dereferences NULL \u2192 crash\n\n## PoC\n\n460-byte malicious PDF triggers crash via `startReadingFromStream()`:\n\n- PDF contains `/Filter /LZWDecode` with `/DecodeParms \u003c\u003c \u003e\u003e` (empty, no EarlyChange)\n- Exit code: `0xC0000005` (Access Violation)\n\n## Fix\n\n```cpp\nif (earlyObj)\n    early = earlyObj-\u003eGetValue();\n```\n\n## Impact\n\nAny application accepting untrusted PDFs and using muhammara to read stream contents is vulnerable to DoS.\n\nSimilar to: CVE-2022-41957, CVE-2022-39381\n\n## PoC File\n[poc_muhammara_lzw_null.js](https://github.com/user-attachments/files/27186113/poc_muhammara_lzw_null.js)",
  "id": "GHSA-fhp4-pr5j-46m5",
  "modified": "2026-06-26T20:55:18Z",
  "published": "2026-06-26T20:55:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-fhp4-pr5j-46m5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/commit/a98c07780241353334eb65bfca1df025f14be70b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julianhille/MuhammaraJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key"
}

GHSA-FHQ8-PVX2-R42X

Vulnerability from github – Published: 2025-04-08 21:31 – Updated: 2025-04-08 21:31
VLAI
Details

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T19:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-fhq8-pvx2-r42x",
  "modified": "2025-04-08T21:31:39Z",
  "published": "2025-04-08T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30300"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/framemaker/apsb25-33.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHQ9-4R6P-RFM7

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2025-05-22 21:30
VLAI
Details

The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.",
  "id": "GHSA-fhq9-4r6p-rfm7",
  "modified": "2025-05-22T21:30:33Z",
  "published": "2022-01-04T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39988"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHX3-MXF6-JXPV

Vulnerability from github – Published: 2024-04-09 00:30 – Updated: 2026-07-05 15:30
VLAI
Details

ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T23:15:07Z",
    "severity": "LOW"
  },
  "details": "ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).",
  "id": "GHSA-fhx3-mxf6-jxpv",
  "modified": "2026-07-05T15:30:26Z",
  "published": "2024-04-09T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ThreeTen/threetenbp"
    },
    {
      "type": "WEB",
      "url": "http://threeten.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ5P-97V6-XC59

Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00
VLAI
Details

A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-24T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
  "id": "GHSA-fj5p-97v6-xc59",
  "modified": "2022-05-14T02:00:08Z",
  "published": "2022-05-14T02:00:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17432"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ5W-H5XF-6HCH

Vulnerability from github – Published: 2022-05-17 02:47 – Updated: 2025-04-20 03:35
VLAI
Details

illumos smbsrv NULL pointer dereference allows system crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-31T19:59:00Z",
    "severity": "HIGH"
  },
  "details": "illumos smbsrv NULL pointer dereference allows system crash.",
  "id": "GHSA-fj5w-h5xf-6hch",
  "modified": "2025-04-20T03:35:04Z",
  "published": "2022-05-17T02:47:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6561"
    },
    {
      "type": "WEB",
      "url": "https://github.com/illumos/illumos-gate/commit/6d1c73b5858fefc6161c7d686345f0dc887ea799"
    },
    {
      "type": "WEB",
      "url": "https://www.illumos.org/issues/7483"
    },
    {
      "type": "WEB",
      "url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.