CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-GWCP-9X74-J757
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2025-03-05 15:30In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix NULL domain on device release
In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel:
BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 0010:do_raw_spin_lock+0xa/0xa0
...
_raw_spin_lock_irqsave+0x1b/0x30
intel_iommu_release_device+0x96/0x170
iommu_deinit_device+0x39/0xf0
__iommu_group_remove_device+0xa0/0xd0
iommu_bus_notifier+0x55/0xb0
notifier_call_chain+0x5a/0xd0
blocking_notifier_call_chain+0x41/0x60
bus_notify+0x34/0x50
device_del+0x269/0x3d0
pci_remove_bus_device+0x77/0x100
p2sb_bar+0xae/0x1d0
...
i801_probe+0x423/0x740
Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device().
{
"affected": [],
"aliases": [
"CVE-2024-27079"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info-\u003edomain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device().",
"id": "GHSA-gwcp-9x74-j757",
"modified": "2025-03-05T15:30:49Z",
"published": "2024-05-01T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27079"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWG6-GWM3-3G4W
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
{
"affected": [],
"aliases": [
"CVE-2021-20213"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T19:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.",
"id": "GHSA-gwg6-gwm3-3g4w",
"modified": "2022-05-24T17:45:22Z",
"published": "2022-05-24T17:45:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20213"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"type": "WEB",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GWG7-G9W7-WR87
Vulnerability from github – Published: 2022-05-14 02:20 – Updated: 2025-04-20 03:48The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
{
"affected": [],
"aliases": [
"CVE-2017-16545"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-05T22:29:00Z",
"severity": "HIGH"
},
"details": "The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.",
"id": "GHSA-gwg7-g9w7-wr87",
"modified": "2025-04-20T03:48:03Z",
"published": "2022-05-14T02:20:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16545"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/519"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4248-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWMF-748F-8J3C
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
netfilter: tproxy: bail out if IP has been disabled on the device
syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168
__in_dev_get_rcu() can return NULL, so check for this.
{
"affected": [],
"aliases": [
"CVE-2024-36270"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this.",
"id": "GHSA-gwmf-748f-8j3c",
"modified": "2026-05-12T12:31:56Z",
"published": "2024-06-21T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36270"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWQ3-CJP5-74M9
Vulnerability from github – Published: 2023-05-02 06:30 – Updated: 2024-04-04 03:45Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
{
"affected": [],
"aliases": [
"CVE-2022-33305"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-02T06:15:09Z",
"severity": "HIGH"
},
"details": "Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.",
"id": "GHSA-gwq3-cjp5-74m9",
"modified": "2024-04-04T03:45:31Z",
"published": "2023-05-02T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33305"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWV2-2C9F-HMFV
Vulnerability from github – Published: 2026-05-04 09:31 – Updated: 2026-05-04 09:31mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2026-43864"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T07:16:01Z",
"severity": "LOW"
},
"details": "mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.",
"id": "GHSA-gwv2-2c9f-hmfv",
"modified": "2026-05-04T09:31:09Z",
"published": "2026-05-04T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43864"
},
{
"type": "WEB",
"url": "https://github.com/muttmua/mutt/commit/ebfa2969042d89303d15334193fcc32866c8a8df"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GWV8-6VRP-2X6G
Vulnerability from github – Published: 2022-05-14 00:54 – Updated: 2022-05-14 00:54Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
{
"affected": [],
"aliases": [
"CVE-2018-15863"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-25T21:29:00Z",
"severity": "MODERATE"
},
"details": "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.",
"id": "GHSA-gwv8-6vrp-2x6g",
"modified": "2022-05-14T00:54:57Z",
"published": "2022-05-14T00:54:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15863"
},
{
"type": "WEB",
"url": "https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2079"
},
{
"type": "WEB",
"url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-05"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3786-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWWH-G689-9JVG
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
{
"affected": [],
"aliases": [
"CVE-2022-25739"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call",
"id": "GHSA-gwwh-g689-9jvg",
"modified": "2024-04-04T03:26:53Z",
"published": "2023-04-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25739"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX25-2FRW-GVQR
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.
{
"affected": [],
"aliases": [
"CVE-2010-2960"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-08T20:00:00Z",
"severity": "HIGH"
},
"details": "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.",
"id": "GHSA-gx25-2frw-gvqr",
"modified": "2022-05-13T01:23:55Z",
"published": "2022-05-13T01:23:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2960"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41263"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024384"
},
{
"type": "WEB",
"url": "http://twitter.com/taviso/statuses/22777866582"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/09/02/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/42932"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX4V-H6F2-C9Q3
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
{
"affected": [],
"aliases": [
"CVE-2016-5028"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-17T17:59:00Z",
"severity": "MODERATE"
},
"details": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.",
"id": "GHSA-gx4v-h6f2-c9q3",
"modified": "2022-05-13T01:03:25Z",
"published": "2022-05-13T01:03:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5028"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.