CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-M87G-MX4M-WGVW
Vulnerability from github – Published: 2023-03-10 03:30 – Updated: 2023-03-15 18:30radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
{
"affected": [],
"aliases": [
"CVE-2023-27114"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T02:15:00Z",
"severity": "MODERATE"
},
"details": "radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.",
"id": "GHSA-m87g-mx4m-wgvw",
"modified": "2023-03-15T18:30:29Z",
"published": "2023-03-10T03:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27114"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/21363"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/13308c9aad79f9c7a3507ce549fe270103e8ceea"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M88M-RRVF-8RWP
Vulnerability from github – Published: 2026-02-06 09:30 – Updated: 2026-02-06 09:30Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2026-24918"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-06T09:15:50Z",
"severity": "MODERATE"
},
"details": "Address read vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-m88m-rrvf-8rwp",
"modified": "2026-02-06T09:30:29Z",
"published": "2026-02-06T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24918"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M89V-F6FX-4VC4
Vulnerability from github – Published: 2023-09-08 03:30 – Updated: 2024-04-04 07:33An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.
{
"affected": [],
"aliases": [
"CVE-2023-37368"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-08T03:15:08Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.",
"id": "GHSA-m89v-f6fx-4vc4",
"modified": "2024-04-04T07:33:50Z",
"published": "2023-09-08T03:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37368"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M89V-JRP4-5Q36
Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-08 21:30In the Linux kernel, the following vulnerability has been resolved:
benet: fix BUG when creating VFs
benet crashes as soon as SRIOV VFs are created:
kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace: __iommu_dma_free+0xe8/0x1c0 be_cmd_set_mac_list+0x3fe/0x640 [be2net] be_cmd_set_mac+0xaf/0x110 [be2net] be_vf_eth_addr_config+0x19f/0x330 [be2net] be_vf_setup+0x4f7/0x990 [be2net] be_pci_sriov_configure+0x3a1/0x470 [be2net] sriov_numvfs_store+0x20b/0x380 kernfs_fop_write_iter+0x354/0x530 vfs_write+0x9b9/0xf60 ksys_write+0xf3/0x1d0 do_syscall_64+0x8c/0x3d0
be_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh. Fix it by freeing only after the lock has been released.
{
"affected": [],
"aliases": [
"CVE-2025-38569"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T17:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbenet: fix BUG when creating VFs\n\nbenet crashes as soon as SRIOV VFs are created:\n\n kernel BUG at mm/vmalloc.c:3457!\n Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary)\n [...]\n RIP: 0010:vunmap+0x5f/0x70\n [...]\n Call Trace:\n \u003cTASK\u003e\n __iommu_dma_free+0xe8/0x1c0\n be_cmd_set_mac_list+0x3fe/0x640 [be2net]\n be_cmd_set_mac+0xaf/0x110 [be2net]\n be_vf_eth_addr_config+0x19f/0x330 [be2net]\n be_vf_setup+0x4f7/0x990 [be2net]\n be_pci_sriov_configure+0x3a1/0x470 [be2net]\n sriov_numvfs_store+0x20b/0x380\n kernfs_fop_write_iter+0x354/0x530\n vfs_write+0x9b9/0xf60\n ksys_write+0xf3/0x1d0\n do_syscall_64+0x8c/0x3d0\n\nbe_cmd_set_mac_list() calls dma_free_coherent() under a spin_lock_bh.\nFix it by freeing only after the lock has been released.",
"id": "GHSA-m89v-jrp4-5q36",
"modified": "2026-01-08T21:30:28Z",
"published": "2025-08-19T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38569"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ddfe8b127ef1149fddccb79db6e6eaba7738e7d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3697e37e012bbd2bb5a5b467689811ba097b2eff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46d44a23a3723a89deeb65b13cddb17f8d9f2700"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/975e73b9102d844a3dc3f091ad631c56145c8b4c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c377ba2be9430d165a98e4b782902ed630bc7546"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5dc09ee5d74277bc47193fe28ce8703e229331b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f4e4e0c4bc4d799d6fa39055acdbc3af066cd13e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f80b34ebc579216407b128e9d155bfcae875c30f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8C4-28P9-4W47
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-06-29 00:00Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
{
"affected": [],
"aliases": [
"CVE-2020-20252"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T18:15:00Z",
"severity": "MODERATE"
},
"details": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).",
"id": "GHSA-m8c4-28p9-4w47",
"modified": "2022-06-29T00:00:30Z",
"published": "2022-05-24T19:07:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20252"
},
{
"type": "WEB",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8FJ-FQGQ-FJ22
Vulnerability from github – Published: 2026-02-24 03:30 – Updated: 2026-02-24 03:30A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2025-11848"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T03:16:00Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through\u00a05.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0\u00a0could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.",
"id": "GHSA-m8fj-fqgq-fj22",
"modified": "2026-02-24T03:30:20Z",
"published": "2026-02-24T03:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11848"
},
{
"type": "WEB",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8H2-G2G3-V35R
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
{
"affected": [],
"aliases": [
"CVE-2025-59606"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T23:16:15Z",
"severity": "HIGH"
},
"details": "Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.",
"id": "GHSA-m8h2-g2g3-v35r",
"modified": "2026-06-02T00:31:57Z",
"published": "2026-06-02T00:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59606"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8HF-C8H9-XXGP
Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2025-09-29 15:30In the Linux kernel, the following vulnerability has been resolved:
media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()
devm_regmap_init_mmio() can fail, add a check and bail out in case of error.
{
"affected": [],
"aliases": [
"CVE-2024-42303"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T09:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.",
"id": "GHSA-m8hf-c8h9-xxgp",
"modified": "2025-09-29T15:30:30Z",
"published": "2024-08-17T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42303"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8RJ-PPPH-MJ33
Vulnerability from github – Published: 2025-10-01 15:53 – Updated: 2025-10-03 13:22Impact
When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error.
Patches
The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your respective current major version:
- Volto 16: 16.34.1
- Volto 17: 17.22.2
- Volto 18: 18.27.2
- Volto 19: 19.0.0-alpha6
Workarounds
Make sure your setup automatically restarts processes that quit with an error. This won't prevent a crash, but it minimises downtime.
Report
The problem was discovered by FHNW, a client of Plone provider kitconcept, who shared it with the Plone Zope Security Team (security@plone.org).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@plone/volto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.34.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@plone/volto"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0"
},
{
"fixed": "17.22.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@plone/volto"
},
"ranges": [
{
"events": [
{
"introduced": "18.0.0"
},
{
"fixed": "18.27.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@plone/volto"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0-alpha.1"
},
{
"fixed": "19.0.0-alpha.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-61668"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-01T15:53:43Z",
"nvd_published_at": "2025-10-02T22:15:38Z",
"severity": "HIGH"
},
"details": "### Impact\nWhen visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error.\n\n### Patches\nThe problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your respective current major version:\n\n- Volto 16: [16.34.1](https://github.com/plone/volto/releases/tag/16.34.1)\n- Volto 17: [17.22.2](https://github.com/plone/volto/releases/tag/17.22.2)\n- Volto 18: [18.27.2](https://github.com/plone/volto/releases/tag/18.27.2)\n- Volto 19: [19.0.0-alpha6](https://github.com/plone/volto/releases/tag/19.0.0-alpha.6)\n\n### Workarounds\nMake sure your setup automatically restarts processes that quit with an error. This won\u0027t prevent a crash, but it minimises downtime.\n\n### Report\nThe problem was discovered by FHNW, a client of Plone provider kitconcept, who shared it with the Plone Zope Security Team (security@plone.org).",
"id": "GHSA-m8rj-ppph-mj33",
"modified": "2025-10-03T13:22:42Z",
"published": "2025-10-01T15:53:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61668"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/pull/7412"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/pull/7413"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c"
},
{
"type": "PACKAGE",
"url": "https://github.com/plone/volto"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/releases/tag/16.34.1"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/releases/tag/17.22.2"
},
{
"type": "WEB",
"url": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.6"
},
{
"type": "WEB",
"url": "http://github.com/plone/volto/releases/tag/18.27.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": " @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user "
}
GHSA-M93M-C433-Q3H9
Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2025-10-06 18:31In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband
We have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz sband will be NULL even if it is WiFi 7 chip. So, add NULL handling here to avoid crash.
{
"affected": [],
"aliases": [
"CVE-2024-42125"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.",
"id": "GHSA-m93m-c433-q3h9",
"modified": "2025-10-06T18:31:01Z",
"published": "2024-07-30T09:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42125"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.