Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-MPWV-4WMH-CVF7

Vulnerability from github – Published: 2026-01-23 09:30 – Updated: 2026-06-02 15:31
VLAI
Details

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T08:16:01Z",
    "severity": "LOW"
  },
  "details": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
  "id": "GHSA-mpwv-4wmh-cvf7",
  "modified": "2026-06-02T15:31:51Z",
  "published": "2026-01-23T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/pull/1131"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPX7-H62M-5FWV

Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2022-05-14 03:37
VLAI
Details

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6534"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-27T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.",
  "id": "GHSA-mpx7-h62m-5fwv",
  "modified": "2022-05-14T03:37:09Z",
  "published": "2022-05-14T03:37:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6534"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Icinga/icinga2/pull/6104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPXH-CQC3-VXPW

Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2024-09-09 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on:

msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);

as gpu->pdev is only assigned in:

a6xx_gpu_init() | adreno_gpu_init | msm_gpu_init()

Instead of relying on handwavy null checks down the cleanup chain, explicitly de-allocate the LLC data and free a6xx_gpu instead.

Patchwork: https://patchwork.freedesktop.org/patch/588919/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T11:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\n\nCalling a6xx_destroy() before adreno_gpu_init() leads to a null pointer\ndereference on:\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nas gpu-\u003epdev is only assigned in:\n\na6xx_gpu_init()\n|_ adreno_gpu_init\n    |_ msm_gpu_init()\n\nInstead of relying on handwavy null checks down the cleanup chain,\nexplicitly de-allocate the LLC data and free a6xx_gpu instead.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588919/",
  "id": "GHSA-mpxh-cqc3-vxpw",
  "modified": "2024-09-09T15:30:37Z",
  "published": "2024-06-21T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38390"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ27-R9Q4-8847

Vulnerability from github – Published: 2025-02-27 03:33 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix NULL pointer dereference on certain command aborts

If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is advanced to the first TRB of the next segment.

If no further commands are queued, xhci_handle_stopped_cmd_ring() sees the ring pointers unequal and assumes that there is a pending command, so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.

Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell ring likely is unnecessary too, but it's harmless. Leave it alone.

This is probably Bug 219532, but no confirmation has been received.

The issue has been independently reproduced and confirmed fixed using a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever. Everything continued working normally after several prevented crashes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T02:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
  "id": "GHSA-mq27-r9q4-8847",
  "modified": "2026-05-12T15:30:46Z",
  "published": "2025-02-27T03:33:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57981"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ce5c0dac768be14afe2426101b568a0f66bfc4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e0a19912adb68a4b2b74fd77001c96cd83eb073"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ff18870af793ce2034a6ad746e91d0a3d985b88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae069cd2ba09a2bd6a87a68c59ef0b7ea39cd641"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b44253956407046e5907d4d72c8fa5b93ae94485"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b649f0d5bc256f691c7d234c3986685d54053de1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf30300a216a4f8dce94e11781a866a09d4b50d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd8bfaeba4a85b14427899adec0efb3954300653"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ2H-65QJ-Q6WR

Vulnerability from github – Published: 2022-05-17 02:14 – Updated: 2025-04-20 03:38
VLAI
Details

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-4916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-22T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.",
  "id": "GHSA-mq2h-65qj-q6wr",
  "modified": "2025-04-20T03:38:03Z",
  "published": "2022-05-17T02:14:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4916"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42140"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98560"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ4Q-Q9RW-JVPH

Vulnerability from github – Published: 2025-06-09 09:31 – Updated: 2025-06-09 09:31
VLAI
Details

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-09T08:15:22Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.",
  "id": "GHSA-mq4q-q9rw-jvph",
  "modified": "2025-06-09T09:31:04Z",
  "published": "2025-06-09T09:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5867"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RT-Thread/rt-thread/issues/10299"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.311626"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.311626"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.584129"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MQF9-26MH-8FJ9

Vulnerability from github – Published: 2024-04-02 12:30 – Updated: 2024-04-02 12:30
VLAI
Details

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T11:15:51Z",
    "severity": "LOW"
  },
  "details": "There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. ",
  "id": "GHSA-mqf9-26mh-8fj9",
  "modified": "2024-04-02T12:30:32Z",
  "published": "2024-04-02T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29947"
    },
    {
      "type": "WEB",
      "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQGC-WWFF-QC9Q

Vulnerability from github – Published: 2024-05-07 09:30 – Updated: 2024-05-07 09:30
VLAI
Details

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T07:15:48Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.",
  "id": "GHSA-mqgc-wwff-qc9q",
  "modified": "2024-05-07T09:30:32Z",
  "published": "2024-05-07T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31078"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQJ7-RGCH-C85X

Vulnerability from github – Published: 2024-10-17 09:31 – Updated: 2024-10-17 09:31
VLAI
Details

CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T08:15:02Z",
    "severity": "MODERATE"
  },
  "details": "CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version \u003c= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates.",
  "id": "GHSA-mqj7-rgch-c85x",
  "modified": "2024-10-17T09:31:46Z",
  "published": "2024-10-17T09:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3186"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQQF-QF5C-JG26

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it.

Seemingly a more elegant solution would be to swap bt_sock_alloc() and l2cap_chan_create() calls since they are not interdependent to that moment but then l2cap_chan_create() adds the soon to be deallocated and still dummy-initialized channel to the global list accessible by many L2CAP paths. The channel would be removed from the list in short period of time but be a bit more straight-forward here and just check for NULL instead of changing the order of function calls.

Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
  "id": "GHSA-mqqf-qf5c-jg26",
  "modified": "2026-05-12T15:30:46Z",
  "published": "2025-02-27T03:34:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58009"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.