Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-G899-MR4G-V86J

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.",
  "id": "GHSA-g899-mr4g-v86j",
  "modified": "2022-05-24T17:43:53Z",
  "published": "2022-05-24T17:43:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20274"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-16"
    },
    {
      "type": "WEB",
      "url": "https://www.privoxy.org/announce.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G8CQ-3XC6-HG2J

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-15 00:03
VLAI
Details

A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:11:00Z",
    "severity": "HIGH"
  },
  "details": "A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.",
  "id": "GHSA-g8cq-3xc6-hg2j",
  "modified": "2022-01-15T00:03:28Z",
  "published": "2022-01-11T00:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46059"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G8PH-8HMR-373J

Vulnerability from github – Published: 2022-05-01 02:08 – Updated: 2025-04-03 04:16
VLAI
Details

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-2459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-08-23T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.",
  "id": "GHSA-g8ph-8hmr-373j",
  "modified": "2025-04-03T04:16:36Z",
  "published": "2022-05-01T02:08:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2459"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/169-1"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=94584"
    },
    {
      "type": "WEB",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/16355"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/16500"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17826"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17918"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18059"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-921"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-922"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2005_50_kernel.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/14720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G8PP-68W8-FG6C

Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57
VLAI
Details

In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-20T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.",
  "id": "GHSA-g8pp-68w8-fg6c",
  "modified": "2022-05-14T01:57:02Z",
  "published": "2022-05-14T01:57:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18301"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041432"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8W9-9VP7-W33M

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2025-04-12 13:06
VLAI
Details

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-23T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.",
  "id": "GHSA-g8w9-9vp7-w33m",
  "modified": "2025-04-12T13:06:35Z",
  "published": "2022-05-13T01:10:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9562"
    },
    {
      "type": "WEB",
      "url": "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92418"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95363"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G95H-2J46-JX6W

Vulnerability from github – Published: 2026-01-25 15:30 – Updated: 2026-03-25 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

lib/buildid: use __kernel_read() for sleepable context

Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio".

For the sleepable context, convert freader to use __kernel_read() instead of direct page cache access via read_cache_folio(). This simplifies the faultable code path by using the standard kernel file reading interface which handles all the complexity of reading file data.

At the moment we are not changing the code for non-sleepable context which uses filemap_get_folio() and only succeeds if the target folios are already in memory and up-to-date. The reason is to keep the patch simple and easier to backport to stable kernels.

Syzbot repro does not crash the kernel anymore and the selftests run successfully.

In the follow up we will make __kernel_read() with IOCB_NOWAIT work for non-sleepable contexts. In addition, I would like to replace the secretmem check with a more generic approach and will add fstest for the buildid code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-25T15:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/buildid: use __kernel_read() for sleepable context\n\nPrevent a \"BUG: unable to handle kernel NULL pointer dereference in\nfilemap_read_folio\".\n\nFor the sleepable context, convert freader to use __kernel_read() instead\nof direct page cache access via read_cache_folio().  This simplifies the\nfaultable code path by using the standard kernel file reading interface\nwhich handles all the complexity of reading file data.\n\nAt the moment we are not changing the code for non-sleepable context which\nuses filemap_get_folio() and only succeeds if the target folios are\nalready in memory and up-to-date.  The reason is to keep the patch simple\nand easier to backport to stable kernels.\n\nSyzbot repro does not crash the kernel anymore and the selftests run\nsuccessfully.\n\nIn the follow up we will make __kernel_read() with IOCB_NOWAIT work for\nnon-sleepable contexts.  In addition, I would like to replace the\nsecretmem check with a more generic approach and will add fstest for the\nbuildid code.",
  "id": "GHSA-g95h-2j46-jx6w",
  "modified": "2026-03-25T21:30:23Z",
  "published": "2026-01-25T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23002"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/568aeb3476c770a3863c755dd2a199c212434286"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/777a8560fd29738350c5094d4166fe5499452409"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b11dfb7708f212b96c7973a474014c071aa02e05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G989-FG9H-96PR

Vulnerability from github – Published: 2026-02-14 00:32 – Updated: 2026-02-17 21:31
VLAI
Details

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-13T22:16:10Z",
    "severity": "HIGH"
  },
  "details": "A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.",
  "id": "GHSA-g989-fg9h-96pr",
  "modified": "2026-02-17T21:31:13Z",
  "published": "2026-02-14T00:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70954"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c3711103841b799"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20wy666444%2C%20Robinlzw%2C%20Lucian-code233"
    },
    {
      "type": "WEB",
      "url": "https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg"
    },
    {
      "type": "WEB",
      "url": "https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G995-H8WX-7QW6

Vulnerability from github – Published: 2023-05-18 00:30 – Updated: 2024-04-04 04:14
VLAI
Details

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-17T22:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference flaw was found in Libtiff\u0027s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.",
  "id": "GHSA-g995-h8wx-7qw6",
  "modified": "2024-04-04T04:14:02Z",
  "published": "2023-05-18T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2731"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2731"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/548"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230703-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G99C-G7MV-2XPG

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: saa7164: add ioremap return checks and cleanups

Add checks for ioremap return values in saa7164_dev_setup(). If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the global list, decrement the device count, and return -ENODEV.

This prevents potential null pointer dereferences and ensures proper cleanup on memory mapping failures.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: saa7164: add ioremap return checks and cleanups\n\nAdd checks for ioremap return values in saa7164_dev_setup(). If\nioremap for BAR0 or BAR2 fails, release the already allocated PCI\nmemory regions, remove the device from the global list, decrement\nthe device count, and return -ENODEV.\n\nThis prevents potential null pointer dereferences and ensures proper\ncleanup on memory mapping failures.",
  "id": "GHSA-g99c-g7mv-2xpg",
  "modified": "2026-06-10T21:31:26Z",
  "published": "2026-05-28T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23dee5990d2c27ed79567fd61ccfe6876768531a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ce8f3057c51bb0a66aa3fab0862be74e9f88684"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6047dc542fa404b5c187cc2c7906aaaaec6d11ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6c22a6d8e4c1507bba504aeebe80476144a373eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9b83f46e52cf1239d780920d1a7a3e415f7b5d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d51c60a498e83c9a79884c8e420f97e3885c9583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9FX-4QG5-6RM4

Vulnerability from github – Published: 2025-05-14 18:30 – Updated: 2025-05-14 18:30
VLAI
Details

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30665"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-14T18:15:30Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.",
  "id": "GHSA-g9fx-4qg5-6rm4",
  "modified": "2025-05-14T18:30:51Z",
  "published": "2025-05-14T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30665"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.