CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-M2X4-W9M7-WCWM
Vulnerability from github – Published: 2022-12-23 00:30 – Updated: 2022-12-30 15:30A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-43593"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.",
"id": "GHSA-m2x4-w9m7-wcwm",
"modified": "2022-12-30T15:30:23Z",
"published": "2022-12-23T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43593"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-33"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M32W-Q6HX-H7W8
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix potential NULL pointer dereference in context cleanup
aie_destroy_context() is invoked during error handling in aie2_create_context(). However, aie_destroy_context() assumes that the context's mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL and calling aie_destroy_context() can lead to a NULL pointer dereference.
In aie2_create_context(), replace aie_destroy_context() with a function which request firmware to remove the context created previously.
{
"affected": [],
"aliases": [
"CVE-2025-71308"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix potential NULL pointer dereference in context cleanup\n\naie_destroy_context() is invoked during error handling in\naie2_create_context(). However, aie_destroy_context() assumes that the\ncontext\u0027s mailbox channel pointer is non-NULL. If mailbox channel\ncreation fails, the pointer remains NULL and calling aie_destroy_context()\ncan lead to a NULL pointer dereference.\n\nIn aie2_create_context(), replace aie_destroy_context() with a function\nwhich request firmware to remove the context created previously.",
"id": "GHSA-m32w-q6hx-h7w8",
"modified": "2026-06-25T21:31:18Z",
"published": "2026-05-27T15:33:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71308"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2611c9616cb52d3ed54a6095d72d18e645a6955a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97f27573837ef96b4ba42af463cc800cab615c0e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M34J-MGRV-W6RC
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-03 18:30In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
The variable codec->regmap is often protected by the lock codec->regmap_lock when is accessed. However, it is accessed without holding the lock when is accessed in snd_hdac_regmap_sync():
if (codec->regmap)
In my opinion, this may be a harmful race, because if codec->regmap is set to NULL right after the condition is checked, a null-pointer dereference can occur in the called function regcache_sync():
map->lock(map->lock_arg); --> Line 360 in drivers/base/regmap/regcache.c
To fix this possible null-pointer dereference caused by data race, the mutex_lock coverage is extended to protect the if statement as well as the function call to regcache_sync().
[ Note: the lack of the regmap_lock itself is harmless for the current codec driver implementations, as snd_hdac_regmap_sync() is only for PM runtime resume that is prohibited during the codec probe. But the change makes the whole code more consistent, so it's merged as is -- tiwai ]
{
"affected": [],
"aliases": [
"CVE-2023-53275"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T08:15:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()\n\nThe variable codec-\u003eregmap is often protected by the lock\ncodec-\u003eregmap_lock when is accessed. However, it is accessed without\nholding the lock when is accessed in snd_hdac_regmap_sync():\n\n if (codec-\u003eregmap)\n\nIn my opinion, this may be a harmful race, because if codec-\u003eregmap is\nset to NULL right after the condition is checked, a null-pointer\ndereference can occur in the called function regcache_sync():\n\n map-\u003elock(map-\u003elock_arg); --\u003e Line 360 in drivers/base/regmap/regcache.c\n\nTo fix this possible null-pointer dereference caused by data race, the\nmutex_lock coverage is extended to protect the if statement as well as the\nfunction call to regcache_sync().\n\n[ Note: the lack of the regmap_lock itself is harmless for the current\n codec driver implementations, as snd_hdac_regmap_sync() is only for\n PM runtime resume that is prohibited during the codec probe.\n But the change makes the whole code more consistent, so it\u0027s merged\n as is -- tiwai ]",
"id": "GHSA-m34j-mgrv-w6rc",
"modified": "2025-12-03T18:30:20Z",
"published": "2025-09-16T15:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53275"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/109f0aaa0b8838a88af9125b79579023539300a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f4a08fed450db87fbb5ff5105354158bdbe1a22"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8703b26387e1fa4f8749db98d24c67617b873acb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b32e40379e5b2814de0c4bc199edc2d82317dc07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cdd412b528dee6e0851c4735d6676ec138da13a4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M37G-V637-95Q3
Vulnerability from github – Published: 2022-05-02 03:20 – Updated: 2023-12-28 15:30The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
{
"affected": [],
"aliases": [
"CVE-2009-0949"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-09T17:30:00Z",
"severity": "MODERATE"
},
"details": "The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.",
"id": "GHSA-m37g-v637-95q3",
"modified": "2023-12-28T15:30:17Z",
"published": "2022-05-02T03:20:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0949"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500972"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50926"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35322"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35328"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35340"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35342"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36701"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1022321"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3865"
},
{
"type": "WEB",
"url": "http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1811"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1082.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1083.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/504032/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35169"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-780-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M38J-R6W7-C465
Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-21125"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T17:15:24Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-m38j-r6w7-c465",
"modified": "2025-02-11T18:31:35Z",
"published": "2025-02-11T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21125"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb25-01.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M39V-C9R9-VMWH
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-04-07 09:30In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
Otherwise, it will result in a NULL pointer dereference as below:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194
{
"affected": [],
"aliases": [
"CVE-2024-56620"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: qcom: Only free platform MSIs when ESI is enabled\n\nOtherwise, it will result in a NULL pointer dereference as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCall trace:\n mutex_lock+0xc/0x54\n platform_device_msi_free_irqs_all+0x14/0x20\n ufs_qcom_remove+0x34/0x48 [ufs_qcom]\n platform_remove+0x28/0x44\n device_remove+0x4c/0x80\n device_release_driver_internal+0xd8/0x178\n driver_detach+0x50/0x9c\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n platform_driver_unregister+0x14/0x20\n ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom]\n __arm64_sys_delete_module+0x180/0x260\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xdc\n el0t_64_sync_handler+0xc0/0xc4\n el0t_64_sync+0x190/0x194",
"id": "GHSA-m39v-c9r9-vmwh",
"modified": "2025-04-07T09:30:23Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56620"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64506b3d23a337e98a74b18dcb10c8619365f2bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f16a097047e38dcdd169a15e3eed1b2f2147a2e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f99cb5f6344ef93777fd3add7979ebf291a852df"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M3FC-5GX3-J98R
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
Input: adp5589-keys - fix NULL pointer dereference
We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. However, i2c_set_clientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.
{
"affected": [],
"aliases": [
"CVE-2024-49871"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: adp5589-keys - fix NULL pointer dereference\n\nWe register a devm action to call adp5589_clear_config() and then pass\nthe i2c client as argument so that we can call i2c_get_clientdata() in\norder to get our device object. However, i2c_set_clientdata() is only\nbeing set at the end of the probe function which means that we\u0027ll get a\nNULL pointer dereference in case the probe function fails early.",
"id": "GHSA-m3fc-5gx3-j98r",
"modified": "2025-11-04T00:31:40Z",
"published": "2024-10-21T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49871"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/122b160561f6429701a0559a0f39b0ae309488c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4449fedb8a710043fc0925409eba844c192d4337"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c3f04223aaf82489472d614c6decee5a1ce8d7f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a38791ee79bd17d225c15a6d1479448be127a59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb5cc65f973661241e4a2b7390b429aa7b330c69"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M3GQ-3GW9-X3FV
Vulnerability from github – Published: 2022-01-16 00:00 – Updated: 2022-01-25 00:03Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
{
"affected": [],
"aliases": [
"CVE-2022-23094"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-15T02:15:00Z",
"severity": "HIGH"
},
"details": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.",
"id": "GHSA-m3gq-3gw9-x3fv",
"modified": "2022-01-25T00:03:12Z",
"published": "2022-01-16T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23094"
},
{
"type": "WEB",
"url": "https://github.com/libreswan/libreswan/issues/585"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2022-23094"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5048"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M3H9-C5J7-Q6F4
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2022-50132"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:43Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: change place of \u0027priv_ep\u0027 assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()\n\nIf \u0027ep\u0027 is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer\nand its dereference with priv_ep-\u003ecdns3_dev may cause panic.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-m3h9-c5j7-q6f4",
"modified": "2025-11-18T18:32:46Z",
"published": "2025-06-18T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50132"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7af83bb516d7aa4f96835288e4aeda21d7aa2a17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bfa0201468587072454dba7933e4a4a7be44467a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3ffc9c4ca44bfe9562166793d133e1fb0630ea6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d342203df9f2d0851b4acd9ed577d73d10eade77"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb82c0382285ee17a9966aaab27b8becb08eb1ac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M3J2-9M66-R96H
Vulnerability from github – Published: 2026-07-09 12:30 – Updated: 2026-07-13 15:31GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.
This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
{
"affected": [],
"aliases": [
"CVE-2026-56288"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-09T11:16:40Z",
"severity": "MODERATE"
},
"details": "GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.\nAn attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.\n\n\n\nThis issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313",
"id": "GHSA-m3j2-9m66-r96h",
"modified": "2026-07-13T15:31:42Z",
"published": "2026-07-09T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56288"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2026/07/CVE-2026-56288"
},
{
"type": "WEB",
"url": "https://cgit.git.savannah.gnu.org/cgit/patch.git"
},
{
"type": "WEB",
"url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.