Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-GX7G-X5PW-4H97

Vulnerability from github – Published: 2024-04-09 09:31 – Updated: 2024-11-18 16:26
VLAI
Details

A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T09:15:24Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
  "id": "GHSA-gx7g-x5pw-4h97",
  "modified": "2024-11-18T16:26:39Z",
  "published": "2024-04-09T09:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26277"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GXF7-839P-8C8P

Vulnerability from github – Published: 2022-05-17 02:35 – Updated: 2022-05-17 02:35
VLAI
Details

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.",
  "id": "GHSA-gxf7-839p-8c8p",
  "modified": "2022-05-17T02:35:23Z",
  "published": "2022-05-17T02:35:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9020"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-06-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98874"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXGX-2MVF-9GH5

Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-08-27 18:31
VLAI
Details

Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T13:51:38Z",
    "severity": "CRITICAL"
  },
  "details": "Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).",
  "id": "GHSA-gxgx-2mvf-9gh5",
  "modified": "2024-08-27T18:31:34Z",
  "published": "2024-04-10T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23080"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/LLM4IG/6614bfa658295d7af07a6d37e06db27f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JodaOrg/joda-time"
    },
    {
      "type": "WEB",
      "url": "http://joda.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXHG-7JX8-M22J

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-10 09:31
VLAI
Details

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application.

Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service.

An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client.

Applications that process untrusted CMP/CRMF messages may be affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:08Z",
    "severity": "MODERATE"
  },
  "details": "Issue summary: An attacker-controlled CMP (Certificate Management Protocol)\nserver could trigger a NULL pointer dereference in a CMP client application.\n\nImpact summary: A NULL pointer dereference causes a crash of the\napplication and a Denial of Service.\n\nAn attacker controlling a CMP server (or acting as a man-in-the-middle) could\ncraft a CMP response containing a CRMF (Certificate Request Message Format)\nCertRepMessage with an EncryptedValue structure where the symmAlg field\nhas an algorithm OID but no parameters field. When the OpenSSL CMP client\nprocesses this response, the NULL dereference occurs, causing a crash of\nthe CMP client.\n\nApplications that process untrusted CMP/CRMF messages may be affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
  "id": "GHSA-gxhg-7jx8-m22j",
  "modified": "2026-06-10T09:31:57Z",
  "published": "2026-06-09T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/665d5254083affde9982efca7c41dd01cacc8774"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/810b722f772652ad48042bcc7ab07e3414b11d0f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/b90ff3b1bd33b1c18e6a09936d097c2eddef8873"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/e6f912907fc2ec82a0fd07aae55172c5e5e3d90d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/61a86a8cd73546c9fea916f3d304c1293e05c046"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/665d5254083affde9982efca7c41dd01cacc8774"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/810b722f772652ad48042bcc7ab07e3414b11d0f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/b90ff3b1bd33b1c18e6a09936d097c2eddef8873"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/e6f912907fc2ec82a0fd07aae55172c5e5e3d90d"
    },
    {
      "type": "WEB",
      "url": "https://openssl-library.org/news/secadv/20260609.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXMF-VPC7-MJF9

Vulnerability from github – Published: 2023-02-03 00:30 – Updated: 2023-02-03 00:30
VLAI
Details

An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-02T23:15:00Z",
    "severity": null
  },
  "details": "An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.",
  "id": "GHSA-gxmf-vpc7-mjf9",
  "modified": "2023-02-03T00:30:17Z",
  "published": "2023-02-03T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0634"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shadow-maint/shadow/pull/642"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0634"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544"
    },
    {
      "type": "WEB",
      "url": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GXQP-64JF-HJ53

Vulnerability from github – Published: 2024-03-26 18:32 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'

In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check.

Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T18:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence \u0027dsc\u0027 check in \u0027link_set_dsc_pps_packet()\u0027\n\nIn link_set_dsc_pps_packet(), \u0027struct display_stream_compressor *dsc\u0027\nwas dereferenced in a DC_LOGGER_INIT(dsc-\u003ectx-\u003elogger); before the \u0027dsc\u0027\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check \u0027dsc\u0027 (see line 903)",
  "id": "GHSA-gxqp-64jf-hj53",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-03-26T18:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26647"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXQW-PVP2-VPQ6

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-21T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.",
  "id": "GHSA-gxqw-pvp2-vpq6",
  "modified": "2022-05-24T17:48:00Z",
  "published": "2022-05-24T17:48:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1659"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GXVQ-F5Q4-6G92

Vulnerability from github – Published: 2025-01-22 18:31 – Updated: 2025-01-22 18:31
VLAI
Details

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-789"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.",
  "id": "GHSA-gxvq-f5q4-6g92",
  "modified": "2025-01-22T18:31:56Z",
  "published": "2025-01-22T18:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20165"
    },
    {
      "type": "WEB",
      "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXVX-W63C-JPRW

Vulnerability from github – Published: 2024-12-31 15:30 – Updated: 2024-12-31 15:30
VLAI
Details

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-99"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-31T15:15:07Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in FFmpeg\u0027s HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.",
  "id": "GHSA-gxvx-w63c-jprw",
  "modified": "2024-12-31T15:30:46Z",
  "published": "2024-12-31T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6603"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXXF-959M-C3MF

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-20T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-gxxf-959m-c3mf",
  "modified": "2022-05-24T19:11:45Z",
  "published": "2022-05-24T19:11:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35985"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-51.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.