Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-P8VV-WC7J-9RP3

Vulnerability from github – Published: 2023-05-09 03:30 – Updated: 2024-04-04 03:53
VLAI
Details

In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-09T02:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
  "id": "GHSA-p8vv-wc7j-9rp3",
  "modified": "2024-04-04T03:53:55Z",
  "published": "2023-05-09T03:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48231"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8W7-VVC7-Q62H

Vulnerability from github – Published: 2024-02-23 15:30 – Updated: 2024-04-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL pointer dereference at hibernate

During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2 support.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-23T15:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference at hibernate\n\nDuring hibernate sequence the source context might not have a clk_mgr.\nSo don\u0027t use it to look for DML2 support.",
  "id": "GHSA-p8w7-vvc7-q62h",
  "modified": "2024-04-30T21:30:31Z",
  "published": "2024-02-23T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52460"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b80326efff093d037e0971831dca6ebddba9b45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b719a9c15d52d4f56bdea8241a5d90fd9197ce99"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8X3-XPCH-P28R

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01
VLAI
Details

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:44:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference was found in the Linux kernel\u0027s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.",
  "id": "GHSA-p8x3-xpch-p28r",
  "modified": "2022-03-17T00:01:39Z",
  "published": "2022-03-11T00:02:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4095"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/17/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P928-C9C9-QW29

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-12-12 03:31
VLAI
Details

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.",
  "id": "GHSA-p928-c9c9-qw29",
  "modified": "2022-12-12T03:31:05Z",
  "published": "2022-05-24T17:35:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16588"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/issues/493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P92R-95QG-V4VF

Vulnerability from github – Published: 2022-12-31 00:30 – Updated: 2023-01-06 21:30
VLAI
Details

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-30T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.",
  "id": "GHSA-p92r-95qg-v4vf",
  "modified": "2023-01-06T21:30:40Z",
  "published": "2022-12-31T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34683"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P92R-XPJH-HCCH

Vulnerability from github – Published: 2026-01-14 15:32 – Updated: 2026-03-25 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: adreno: fix deferencing ifpc_reglist when not declared

On plaforms with an a7xx GPU not supporting IFPC, the ifpc_reglist if still deferenced in a7xx_patch_pwrup_reglist() which causes a kernel crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 ... pc : a6xx_hw_init+0x155c/0x1e4c [msm] lr : a6xx_hw_init+0x9a8/0x1e4c [msm] ... Call trace: a6xx_hw_init+0x155c/0x1e4c [msm] (P) msm_gpu_hw_init+0x58/0x88 [msm] adreno_load_gpu+0x94/0x1fc [msm] msm_open+0xe4/0xf4 [msm] drm_file_alloc+0x1a0/0x2e4 [drm] drm_client_init+0x7c/0x104 [drm] drm_fbdev_client_setup+0x94/0xcf0 [drm_client_lib] drm_client_setup+0xb4/0xd8 [drm_client_lib] msm_drm_kms_post_init+0x2c/0x3c [msm] msm_drm_init+0x1a4/0x228 [msm] msm_drm_bind+0x30/0x3c [msm] ...

Check the validity of ifpc_reglist before deferencing the table to setup the register values.

Patchwork: https://patchwork.freedesktop.org/patch/688944/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-14T15:15:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: adreno: fix deferencing ifpc_reglist when not declared\n\nOn plaforms with an a7xx GPU not supporting IFPC, the ifpc_reglist\nif still deferenced in a7xx_patch_pwrup_reglist() which causes\na kernel crash:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n...\npc : a6xx_hw_init+0x155c/0x1e4c [msm]\nlr : a6xx_hw_init+0x9a8/0x1e4c [msm]\n...\nCall trace:\n  a6xx_hw_init+0x155c/0x1e4c [msm] (P)\n  msm_gpu_hw_init+0x58/0x88 [msm]\n  adreno_load_gpu+0x94/0x1fc [msm]\n  msm_open+0xe4/0xf4 [msm]\n  drm_file_alloc+0x1a0/0x2e4 [drm]\n  drm_client_init+0x7c/0x104 [drm]\n  drm_fbdev_client_setup+0x94/0xcf0 [drm_client_lib]\n  drm_client_setup+0xb4/0xd8 [drm_client_lib]\n  msm_drm_kms_post_init+0x2c/0x3c [msm]\n  msm_drm_init+0x1a4/0x228 [msm]\n  msm_drm_bind+0x30/0x3c [msm]\n...\n\nCheck the validity of ifpc_reglist before deferencing the table\nto setup the register values.\n\nPatchwork: https://patchwork.freedesktop.org/patch/688944/",
  "id": "GHSA-p92r-xpjh-hcch",
  "modified": "2026-03-25T21:30:22Z",
  "published": "2026-01-14T15:32:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71103"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/129049d4fe22c998ae9fd1ec479fbb4ed5338c15"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19648135e904bce447d368ecb6136e5da809639c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P93H-VC42-6HF8

Vulnerability from github – Published: 2026-01-31 12:30 – Updated: 2026-03-25 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix NULL dereference on root when tracing inode eviction

When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root might be NULL, as implied in the next check that we do in btrfs_evict_inode().

Hence, we either should set the ->root_objectid to 0 in case the root is NULL, or we move tracing setup after checking that the root is not NULL. Setting the rootid to 0 at least gives us the possibility to trace this call even in the case when the root is NULL, so that's the solution taken here.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-31T12:16:03Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root\u0027s id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that\u0027s the solution\ntaken here.",
  "id": "GHSA-p93h-vc42-6hf8",
  "modified": "2026-03-25T21:30:24Z",
  "published": "2026-01-31T12:30:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71184"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64d8abd8c5305795a2b35fc96039d99d34f5e762"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P94W-66WM-PQJ8

Vulnerability from github – Published: 2022-05-14 03:05 – Updated: 2025-04-20 03:48
VLAI
Details

The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-04T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
  "id": "GHSA-p94w-66wm-pqj8",
  "modified": "2025-04-20T03:48:03Z",
  "published": "2022-05-14T03:05:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16537"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.kernel.org/patch/9994017"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3617-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3619-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3754-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P956-W6XF-6V9R

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-09-13 00:00
VLAI
Details

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6615"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-08T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).",
  "id": "GHSA-p956-w6xf-6v9r",
  "modified": "2022-09-13T00:00:36Z",
  "published": "2022-05-24T17:05:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6615"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9CF-Q2GF-35MQ

Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-06-30 03:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Avoid NULL pointer dereference or refcount corruption

Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE") fixed a NULL pointer dereference in an unlikely situation partly.

If dev_pasid is not found in the dev_pasids list, it remains NULL. However, the teardown operations are executed unconditionally, this lead to a NULL pointer dereference or refcount corruption.

If the domain was never attached to this IOMMU, info will be NULL, which would cause an immediate dereference when checking --info->refcnt.

Even if info is not NULL, decrementing the refcount without having removed a valid PASID might unbalance the count. This could lead to premature dropping of the refcount to 0, potentially causing a use-after-free for the remaining active devices sharing the domain.

Fix it by returning early if dev_pasid is NULL, before executing the teardown operations.

Issue found by AI review and suggested by Kevin Tian. https://sashiko.dev/#/patchset/20260421031347.1408890-1-zhenzhong.duan%40intel.com

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T20:17:19Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid NULL pointer dereference or refcount corruption\n\nCommit 60f030f7418d (\"iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\")\nfixed a NULL pointer dereference in an unlikely situation partly.\n\nIf dev_pasid is not found in the dev_pasids list, it remains NULL.\nHowever, the teardown operations are executed unconditionally, this lead\nto a NULL pointer dereference or refcount corruption.\n\nIf the domain was never attached to this IOMMU, info will be NULL, which\nwould cause an immediate dereference when checking --info-\u003erefcnt.\n\nEven if info is not NULL, decrementing the refcount without having removed\na valid PASID might unbalance the count. This could lead to premature\ndropping of the refcount to 0, potentially causing a use-after-free for the\nremaining active devices sharing the domain.\n\nFix it by returning early if dev_pasid is NULL, before executing the\nteardown operations.\n\nIssue found by AI review and suggested by Kevin Tian.\nhttps://sashiko.dev/#/patchset/20260421031347.1408890-1-zhenzhong.duan%40intel.com",
  "id": "GHSA-p9cf-q2gf-35mq",
  "modified": "2026-06-30T03:37:14Z",
  "published": "2026-06-26T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53281"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-53281"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493728"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79ea2feb917b05366b49d85573c9c5331f043b2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9022cb9ac0c2a72a57fa8ebf92ac74f953ca0153"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdfe3c9f2c9e28a8651ee463c88ad191ced2f840"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53281.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.