CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6299 vulnerabilities reference this CWE, most recent first.
GHSA-MJ3G-9J9X-C556
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2026-40405"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:18Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.",
"id": "GHSA-mj3g-9j9x-c556",
"modified": "2026-05-12T18:30:45Z",
"published": "2026-05-12T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40405"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40405"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ6P-CV54-5PH5
Vulnerability from github – Published: 2022-05-17 02:29 – Updated: 2022-05-17 02:29When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
{
"affected": [],
"aliases": [
"CVE-2017-11100"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-07T18:29:00Z",
"severity": "HIGH"
},
"details": "When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.",
"id": "GHSA-mj6p-cv54-5ph5",
"modified": "2022-05-17T02:29:46Z",
"published": "2022-05-17T02:29:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11100"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ77-9WJ4-9QVH
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
{
"affected": [],
"aliases": [
"CVE-2017-5416"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "HIGH"
},
"details": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"id": "GHSA-mj77-9wj4-9qvh",
"modified": "2022-05-14T03:10:01Z",
"published": "2022-05-14T03:10:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5416"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96692"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJFR-HGMR-G3RV
Vulnerability from github – Published: 2024-02-13 09:30 – Updated: 2024-02-13 09:30A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2024-23801"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T09:15:48Z",
"severity": "LOW"
},
"details": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
"id": "GHSA-mjfr-hgmr-g3rv",
"modified": "2024-02-13T09:30:33Z",
"published": "2024-02-13T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23801"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MJG6-FGP9-MHGQ
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-30290"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-09T08:15:00Z",
"severity": "HIGH"
},
"details": "Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-mjg6-fgp9-mhgq",
"modified": "2022-05-24T19:14:04Z",
"published": "2022-05-24T19:14:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30290"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJJP-XJFG-97WG
Vulnerability from github – Published: 2026-01-10 12:30 – Updated: 2026-02-23 22:38A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lief"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "lief"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-15504"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T18:31:53Z",
"nvd_published_at": "2026-01-10T12:15:49Z",
"severity": "LOW"
},
"details": "A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.",
"id": "GHSA-mjjp-xjfg-97wg",
"modified": "2026-02-23T22:38:58Z",
"published": "2026-01-10T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15504"
},
{
"type": "WEB",
"url": "https://github.com/lief-project/LIEF/issues/1277"
},
{
"type": "WEB",
"url": "https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001"
},
{
"type": "WEB",
"url": "https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978"
},
{
"type": "PACKAGE",
"url": "https://github.com/lief-project/LIEF"
},
{
"type": "WEB",
"url": "https://github.com/lief-project/LIEF/releases/tag/0.17.2"
},
{
"type": "WEB",
"url": "https://github.com/oneafter/1210/blob/main/segv1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.340375"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.340375"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.733329"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "LIEF is vulnerable to segmentation fault"
}
GHSA-MJPH-W86F-8CQM
Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2024-10-04 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn10_set_drr() is a member of this resource context.
If dc_state_destruct() is called parallel to the IRQ processing (which calls dcn10_set_drr() at some point), we can end up using already nulled function callback fields of struct stream_resource.
The logic in dcn10_set_drr() already tries to avoid this, by checking tg against NULL. But if the nulling happens exactly after the NULL check and before the next access, then we get a race.
Avoid this by copying tg first to a local variable, and then use this variable for all the operations. This should work, as long as nobody frees the resource pool where the timing generators live.
(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)
{
"affected": [],
"aliases": [
"CVE-2024-46851"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T13:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn10_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn10_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn10_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)",
"id": "GHSA-mjph-w86f-8cqm",
"modified": "2024-10-04T18:31:09Z",
"published": "2024-09-27T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46851"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7aeb03888b92304e2fc7d4d1c242f54a312561b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6ce047a81f508f5c60756db8dfb5ff486e4dad0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJPP-WXM2-VX37
Vulnerability from github – Published: 2022-12-20 18:30 – Updated: 2025-04-16 15:34An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability.
{
"affected": [],
"aliases": [
"CVE-2022-3109"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-16T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability.",
"id": "GHSA-mjpp-wxm2-vx37",
"modified": "2025-04-16T15:34:03Z",
"published": "2022-12-20T18:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3109"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153551"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5394"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJR6-MGJJ-R5P7
Vulnerability from github – Published: 2022-09-03 00:00 – Updated: 2022-09-09 00:00A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-35135"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-02T12:15:00Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-mjr6-mgjj-r5p7",
"modified": "2022-09-09T00:00:57Z",
"published": "2022-09-03T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35135"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MM2V-M6VC-RHF4
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-11-20 18:32In the Linux kernel, the following vulnerability has been resolved:
hwmon: (hp-wmi-sensors) Check if WMI event data exists
The BIOS can choose to return no event data in response to a WMI event, so the ACPI object passed to the WMI notify handler can be NULL.
Check for such a situation and ignore the event in such a case.
{
"affected": [],
"aliases": [
"CVE-2024-46768"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (hp-wmi-sensors) Check if WMI event data exists\n\nThe BIOS can choose to return no event data in response to a\nWMI event, so the ACPI object passed to the WMI notify handler\ncan be NULL.\n\nCheck for such a situation and ignore the event in such a case.",
"id": "GHSA-mm2v-m6vc-rhf4",
"modified": "2024-11-20T18:32:15Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46768"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.