CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-G899-MR4G-V86J
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
{
"affected": [],
"aliases": [
"CVE-2021-20274"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-09T14:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.",
"id": "GHSA-g899-mr4g-v86j",
"modified": "2022-05-24T17:43:53Z",
"published": "2022-05-24T17:43:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20274"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"type": "WEB",
"url": "https://www.privoxy.org/announce.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G8CQ-3XC6-HG2J
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-15 00:03A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-46059"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:11:00Z",
"severity": "HIGH"
},
"details": "A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service.",
"id": "GHSA-g8cq-3xc6-hg2j",
"modified": "2022-01-15T00:03:28Z",
"published": "2022-01-11T00:01:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46059"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G8PH-8HMR-373J
Vulnerability from github – Published: 2022-05-01 02:08 – Updated: 2025-04-03 04:16The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
{
"affected": [],
"aliases": [
"CVE-2005-2459"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-08-23T04:00:00Z",
"severity": "MODERATE"
},
"details": "The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.",
"id": "GHSA-g8ph-8hmr-373j",
"modified": "2025-04-03T04:16:36Z",
"published": "2022-05-01T02:08:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2459"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/169-1"
},
{
"type": "WEB",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94584"
},
{
"type": "WEB",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16355"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16500"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17826"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17918"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18056"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18059"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-921"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-922"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2005_50_kernel.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/14720"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G8PP-68W8-FG6C
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.
{
"affected": [],
"aliases": [
"CVE-2017-18301"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-20T13:29:00Z",
"severity": "MODERATE"
},
"details": "In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.",
"id": "GHSA-g8pp-68w8-fg6c",
"modified": "2022-05-14T01:57:02Z",
"published": "2022-05-14T01:57:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18301"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041432"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8W9-9VP7-W33M
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2025-04-12 13:06SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
{
"affected": [],
"aliases": [
"CVE-2016-9562"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-23T02:59:00Z",
"severity": "HIGH"
},
"details": "SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.",
"id": "GHSA-g8w9-9vp7-w33m",
"modified": "2025-04-12T13:06:35Z",
"published": "2022-05-13T01:10:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9562"
},
{
"type": "WEB",
"url": "https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92418"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95363"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G95H-2J46-JX6W
Vulnerability from github – Published: 2026-01-25 15:30 – Updated: 2026-03-25 21:30In the Linux kernel, the following vulnerability has been resolved:
lib/buildid: use __kernel_read() for sleepable context
Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio".
For the sleepable context, convert freader to use __kernel_read() instead of direct page cache access via read_cache_folio(). This simplifies the faultable code path by using the standard kernel file reading interface which handles all the complexity of reading file data.
At the moment we are not changing the code for non-sleepable context which uses filemap_get_folio() and only succeeds if the target folios are already in memory and up-to-date. The reason is to keep the patch simple and easier to backport to stable kernels.
Syzbot repro does not crash the kernel anymore and the selftests run successfully.
In the follow up we will make __kernel_read() with IOCB_NOWAIT work for non-sleepable contexts. In addition, I would like to replace the secretmem check with a more generic approach and will add fstest for the buildid code.
{
"affected": [],
"aliases": [
"CVE-2026-23002"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-25T15:15:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/buildid: use __kernel_read() for sleepable context\n\nPrevent a \"BUG: unable to handle kernel NULL pointer dereference in\nfilemap_read_folio\".\n\nFor the sleepable context, convert freader to use __kernel_read() instead\nof direct page cache access via read_cache_folio(). This simplifies the\nfaultable code path by using the standard kernel file reading interface\nwhich handles all the complexity of reading file data.\n\nAt the moment we are not changing the code for non-sleepable context which\nuses filemap_get_folio() and only succeeds if the target folios are\nalready in memory and up-to-date. The reason is to keep the patch simple\nand easier to backport to stable kernels.\n\nSyzbot repro does not crash the kernel anymore and the selftests run\nsuccessfully.\n\nIn the follow up we will make __kernel_read() with IOCB_NOWAIT work for\nnon-sleepable contexts. In addition, I would like to replace the\nsecretmem check with a more generic approach and will add fstest for the\nbuildid code.",
"id": "GHSA-g95h-2j46-jx6w",
"modified": "2026-03-25T21:30:23Z",
"published": "2026-01-25T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23002"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/568aeb3476c770a3863c755dd2a199c212434286"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/777a8560fd29738350c5094d4166fe5499452409"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b11dfb7708f212b96c7973a474014c071aa02e05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G989-FG9H-96PR
Vulnerability from github – Published: 2026-02-14 00:32 – Updated: 2026-02-17 21:31A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
{
"affected": [],
"aliases": [
"CVE-2025-70954"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T22:16:10Z",
"severity": "HIGH"
},
"details": "A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.",
"id": "GHSA-g989-fg9h-96pr",
"modified": "2026-02-17T21:31:13Z",
"published": "2026-02-14T00:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70954"
},
{
"type": "WEB",
"url": "https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c3711103841b799"
},
{
"type": "WEB",
"url": "https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226"
},
{
"type": "WEB",
"url": "https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20wy666444%2C%20Robinlzw%2C%20Lucian-code233"
},
{
"type": "WEB",
"url": "https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg"
},
{
"type": "WEB",
"url": "https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G995-H8WX-7QW6
Vulnerability from github – Published: 2023-05-18 00:30 – Updated: 2024-04-04 04:14A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-2731"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-17T22:15:11Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in Libtiff\u0027s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.",
"id": "GHSA-g995-h8wx-7qw6",
"modified": "2024-04-04T04:14:02Z",
"published": "2023-05-18T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2731"
},
{
"type": "WEB",
"url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-2731"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/548"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230703-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G99C-G7MV-2XPG
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
media: saa7164: add ioremap return checks and cleanups
Add checks for ioremap return values in saa7164_dev_setup(). If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the global list, decrement the device count, and return -ENODEV.
This prevents potential null pointer dereferences and ensures proper cleanup on memory mapping failures.
{
"affected": [],
"aliases": [
"CVE-2026-46235"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: saa7164: add ioremap return checks and cleanups\n\nAdd checks for ioremap return values in saa7164_dev_setup(). If\nioremap for BAR0 or BAR2 fails, release the already allocated PCI\nmemory regions, remove the device from the global list, decrement\nthe device count, and return -ENODEV.\n\nThis prevents potential null pointer dereferences and ensures proper\ncleanup on memory mapping failures.",
"id": "GHSA-g99c-g7mv-2xpg",
"modified": "2026-06-10T21:31:26Z",
"published": "2026-05-28T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23dee5990d2c27ed79567fd61ccfe6876768531a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ce8f3057c51bb0a66aa3fab0862be74e9f88684"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6047dc542fa404b5c187cc2c7906aaaaec6d11ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c22a6d8e4c1507bba504aeebe80476144a373eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9b83f46e52cf1239d780920d1a7a3e415f7b5d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d51c60a498e83c9a79884c8e420f97e3885c9583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9FX-4QG5-6RM4
Vulnerability from github – Published: 2025-05-14 18:30 – Updated: 2025-05-14 18:30NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2025-30665"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-14T18:15:30Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.",
"id": "GHSA-g9fx-4qg5-6rm4",
"modified": "2025-05-14T18:30:51Z",
"published": "2025-05-14T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30665"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.