CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-GX7G-X5PW-4H97
Vulnerability from github – Published: 2024-04-09 09:31 – Updated: 2024-11-18 16:26A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2024-26277"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T09:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
"id": "GHSA-gx7g-x5pw-4h97",
"modified": "2024-11-18T16:26:39Z",
"published": "2024-04-09T09:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26277"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GXF7-839P-8C8P
Vulnerability from github – Published: 2022-05-17 02:35 – Updated: 2022-05-17 02:35In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
{
"affected": [],
"aliases": [
"CVE-2015-9020"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-13T20:29:00Z",
"severity": "HIGH"
},
"details": "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.",
"id": "GHSA-gxf7-839p-8c8p",
"modified": "2022-05-17T02:35:23Z",
"published": "2022-05-17T02:35:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9020"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXGX-2MVF-9GH5
Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-08-27 18:31Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).
{
"affected": [],
"aliases": [
"CVE-2024-23080"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T13:51:38Z",
"severity": "CRITICAL"
},
"details": "Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).",
"id": "GHSA-gxgx-2mvf-9gh5",
"modified": "2024-08-27T18:31:34Z",
"published": "2024-04-10T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23080"
},
{
"type": "WEB",
"url": "https://gist.github.com/LLM4IG/6614bfa658295d7af07a6d37e06db27f"
},
{
"type": "WEB",
"url": "https://github.com/JodaOrg/joda-time"
},
{
"type": "WEB",
"url": "http://joda.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXHG-7JX8-M22J
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-10 09:31Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service.
An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client.
Applications that process untrusted CMP/CRMF messages may be affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
{
"affected": [],
"aliases": [
"CVE-2026-42767"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:08Z",
"severity": "MODERATE"
},
"details": "Issue summary: An attacker-controlled CMP (Certificate Management Protocol)\nserver could trigger a NULL pointer dereference in a CMP client application.\n\nImpact summary: A NULL pointer dereference causes a crash of the\napplication and a Denial of Service.\n\nAn attacker controlling a CMP server (or acting as a man-in-the-middle) could\ncraft a CMP response containing a CRMF (Certificate Request Message Format)\nCertRepMessage with an EncryptedValue structure where the symmAlg field\nhas an algorithm OID but no parameters field. When the OpenSSL CMP client\nprocesses this response, the NULL dereference occurs, causing a crash of\nthe CMP client.\n\nApplications that process untrusted CMP/CRMF messages may be affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
"id": "GHSA-gxhg-7jx8-m22j",
"modified": "2026-06-10T09:31:57Z",
"published": "2026-06-09T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/665d5254083affde9982efca7c41dd01cacc8774"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/810b722f772652ad48042bcc7ab07e3414b11d0f"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/b90ff3b1bd33b1c18e6a09936d097c2eddef8873"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/e6f912907fc2ec82a0fd07aae55172c5e5e3d90d"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/61a86a8cd73546c9fea916f3d304c1293e05c046"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/665d5254083affde9982efca7c41dd01cacc8774"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/810b722f772652ad48042bcc7ab07e3414b11d0f"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/b90ff3b1bd33b1c18e6a09936d097c2eddef8873"
},
{
"type": "WEB",
"url": "https://github.com/openssl/security/commit/e6f912907fc2ec82a0fd07aae55172c5e5e3d90d"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20260609.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXMF-VPC7-MJF9
Vulnerability from github – Published: 2023-02-03 00:30 – Updated: 2023-02-03 00:30An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.
{
"affected": [],
"aliases": [
"CVE-2023-0634"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-02T23:15:00Z",
"severity": null
},
"details": "An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.",
"id": "GHSA-gxmf-vpc7-mjf9",
"modified": "2023-02-03T00:30:17Z",
"published": "2023-02-03T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0634"
},
{
"type": "WEB",
"url": "https://github.com/shadow-maint/shadow/pull/642"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-0634"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544"
},
{
"type": "WEB",
"url": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GXQP-64JF-HJ53
Vulnerability from github – Published: 2024-03-26 18:32 – Updated: 2025-01-07 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check.
Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)
{
"affected": [],
"aliases": [
"CVE-2024-26647"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-26T18:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence \u0027dsc\u0027 check in \u0027link_set_dsc_pps_packet()\u0027\n\nIn link_set_dsc_pps_packet(), \u0027struct display_stream_compressor *dsc\u0027\nwas dereferenced in a DC_LOGGER_INIT(dsc-\u003ectx-\u003elogger); before the \u0027dsc\u0027\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check \u0027dsc\u0027 (see line 903)",
"id": "GHSA-gxqp-64jf-hj53",
"modified": "2025-01-07T21:30:54Z",
"published": "2024-03-26T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26647"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXQW-PVP2-VPQ6
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
{
"affected": [],
"aliases": [
"CVE-2020-35981"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-21T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.",
"id": "GHSA-gxqw-pvp2-vpq6",
"modified": "2022-05-24T17:48:00Z",
"published": "2022-05-24T17:48:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35981"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1659"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GXVQ-F5Q4-6G92
Vulnerability from github – Published: 2025-01-22 18:31 – Updated: 2025-01-22 18:31A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
{
"affected": [],
"aliases": [
"CVE-2025-20165"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-789"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T17:15:13Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.",
"id": "GHSA-gxvq-f5q4-6g92",
"modified": "2025-01-22T18:31:56Z",
"published": "2025-01-22T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20165"
},
{
"type": "WEB",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXVX-W63C-JPRW
Vulnerability from github – Published: 2024-12-31 15:30 – Updated: 2024-12-31 15:30A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
{
"affected": [],
"aliases": [
"CVE-2023-6603"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-99"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-31T15:15:07Z",
"severity": "HIGH"
},
"details": "A flaw was found in FFmpeg\u0027s HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.",
"id": "GHSA-gxvx-w63c-jprw",
"modified": "2024-12-31T15:30:46Z",
"published": "2024-12-31T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6603"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXXF-959M-C3MF
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-35985"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T19:15:00Z",
"severity": "MODERATE"
},
"details": "Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-gxxf-959m-c3mf",
"modified": "2022-05-24T19:11:45Z",
"published": "2022-05-24T19:11:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35985"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-51.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.