CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-FPXV-5MJH-R2RQ
Vulnerability from github – Published: 2022-05-02 00:01 – Updated: 2023-12-28 15:30Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
{
"affected": [],
"aliases": [
"CVE-2008-3597"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-08-12T17:41:00Z",
"severity": "MODERATE"
},
"details": "Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a \"command 29\" packet when the player is not in the game.",
"id": "GHSA-fpxv-5mjh-r2rq",
"modified": "2023-12-28T15:30:17Z",
"published": "2022-05-02T00:01:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3597"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44363"
},
{
"type": "WEB",
"url": "http://aluigi.altervista.org/adv/skulltagod-adv.txt"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31427"
},
{
"type": "WEB",
"url": "http://skulltag.com/forum/viewtopic.php?f=1\u0026t=14716"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ48-7X6V-77VV
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-03-21 03:33drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2019-16229"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"id": "GHSA-fq48-7x6v-77vv",
"modified": "2024-03-21T03:33:41Z",
"published": "2022-05-24T16:55:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16229"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2019/9/9/487"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4284-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4285-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ52-JG4Q-73HP
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2026-04-29 18:31sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
{
"affected": [],
"aliases": [
"CVE-2016-10708"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-21T22:29:00Z",
"severity": "HIGH"
},
"details": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",
"id": "GHSA-fq52-jg4q-73hp",
"modified": "2026-04-29T18:31:30Z",
"published": "2022-05-13T01:05:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10708"
},
{
"type": "WEB",
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180423-0003"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3809-1"
},
{
"type": "WEB",
"url": "https://www.openssh.com/releasenotes.html"
},
{
"type": "WEB",
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102780"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ59-HFGC-4XP6
Vulnerability from github – Published: 2024-03-06 09:30 – Updated: 2024-11-06 00:31In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
{
"affected": [],
"aliases": [
"CVE-2023-52607"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-06T07:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
"id": "GHSA-fq59-hfgc-4xp6",
"modified": "2024-11-06T00:31:53Z",
"published": "2024-03-06T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52607"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ5M-XQJF-8M57
Vulnerability from github – Published: 2024-04-14 15:30 – Updated: 2024-04-14 15:30In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code.
To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc will be automatically released, so just directly return -ENOMEM without worrying about memory leaks.
{
"affected": [],
"aliases": [
"CVE-2024-24862"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-14T13:15:48Z",
"severity": "MODERATE"
},
"details": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus-\u003espi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n",
"id": "GHSA-fq5m-xqjf-8m57",
"modified": "2024-04-14T15:30:32Z",
"published": "2024-04-14T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24862"
},
{
"type": "WEB",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ74-8WX7-RFJM
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-27 21:30NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-35883"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-fq74-8wx7-rfjm",
"modified": "2023-02-27T21:30:33Z",
"published": "2023-02-16T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35883"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00731.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ7P-PW38-3H7F
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444.
{
"affected": [],
"aliases": [
"CVE-2015-4443"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444.",
"id": "GHSA-fq7p-pw38-3h7f",
"modified": "2022-05-13T01:06:50Z",
"published": "2022-05-13T01:06:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4443"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032892"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FQ8P-83C5-PGHX
Vulnerability from github – Published: 2024-04-28 15:30 – Updated: 2024-11-20 18:32In the Linux kernel, the following vulnerability has been resolved:
sfc/siena: fix null pointer dereference in efx_hard_start_xmit
Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2022-48646"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-28T13:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc/siena: fix null pointer dereference in efx_hard_start_xmit\n\nLike in previous patch for sfc, prevent potential (but unlikely) NULL\npointer dereference.",
"id": "GHSA-fq8p-83c5-pghx",
"modified": "2024-11-20T18:32:14Z",
"published": "2024-04-28T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4eadca702dff0768dd01be6789bbec2a18e5b0a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ9V-VWJC-PV76
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2024-05-22 18:30A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2023-6176"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T18:15:07Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.",
"id": "GHSA-fq9v-vwjc-pv76",
"modified": "2024-05-22T18:30:38Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6176"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6176"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219359"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQGG-P436-R4XF
Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-27 00:01A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
{
"affected": [],
"aliases": [
"CVE-2021-46311"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).",
"id": "GHSA-fqgg-p436-r4xf",
"modified": "2022-01-27T00:01:49Z",
"published": "2022-01-22T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46311"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2038"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.