CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-PHP7-7869-J4QF
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.
{
"affected": [],
"aliases": [
"CVE-2018-6343"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-31T22:29:00Z",
"severity": "HIGH"
},
"details": "Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.",
"id": "GHSA-php7-7869-j4qf",
"modified": "2022-05-13T01:32:03Z",
"published": "2022-05-13T01:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6343"
},
{
"type": "WEB",
"url": "https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PHXR-R4XW-V9Q5
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-01 15:30vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.
{
"affected": [],
"aliases": [
"CVE-2019-11419"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-14T19:29:00Z",
"severity": "MODERATE"
},
"details": "vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone\u0027s IMEI. The crash occurs upon receiving a message that contains the replaced emoji.",
"id": "GHSA-phxr-r4xw-v9q5",
"modified": "2023-03-01T15:30:25Z",
"published": "2022-05-24T16:45:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11419"
},
{
"type": "WEB",
"url": "https://awakened1712.github.io/hacking/hacking-wechat-dos"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46853"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152947/WeChat-7.0.4-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ5X-CJ5M-45MX
Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2025-04-20 03:32The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-3616"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-13T18:59:00Z",
"severity": "HIGH"
},
"details": "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.",
"id": "GHSA-pj5x-cj5m-45mx",
"modified": "2025-04-20T03:32:41Z",
"published": "2022-05-14T00:55:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3616"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2052"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318509"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3706-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3706-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ73-4V3V-X53G
Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 18:30In the Linux kernel, the following vulnerability has been resolved:
media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings
When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run sensor->adev is not set yet.
So if either of the dev_warn() calls about unknown values are hit this will lead to a NULL pointer deref.
Set sensor->adev earlier, with a borrowed ref to avoid making unrolling on errors harder, to fix this.
{
"affected": [],
"aliases": [
"CVE-2023-53336"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T15:15:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings\n\nWhen ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run\nsensor-\u003eadev is not set yet.\n\nSo if either of the dev_warn() calls about unknown values are hit this\nwill lead to a NULL pointer deref.\n\nSet sensor-\u003eadev earlier, with a borrowed ref to avoid making unrolling\non errors harder, to fix this.",
"id": "GHSA-pj73-4v3v-x53g",
"modified": "2025-12-11T18:30:32Z",
"published": "2025-09-17T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53336"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/284be5693163343e1cf17c03917eecd1d6681bcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3de35e29cfddfe6bff762b15bcfe8d80bebac6cb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e08b091e33ecf6e4cb2c0c5820a69abe7673280b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ74-6489-HFX6
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
{
"affected": [],
"aliases": [
"CVE-2018-10548"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-29T21:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.",
"id": "GHSA-pj74-6489-hfx6",
"modified": "2022-05-14T00:53:53Z",
"published": "2022-05-14T00:53:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=76248"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201812-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180607-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3646-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3646-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4240"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2018-12"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-07"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104019"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040807"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ7H-HW7V-PG79
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 21:31In the Linux kernel, the following vulnerability has been resolved:
Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()
The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference.
Return -ENOMEM in case allocation fails.
{
"affected": [],
"aliases": [
"CVE-2025-38381"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T13:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()\n\nThe cs40l50_upload_owt() function allocates memory via kmalloc()\nwithout checking for allocation failure, which could lead to a\nNULL pointer dereference.\n\nReturn -ENOMEM in case allocation fails.",
"id": "GHSA-pj7h-hw7v-pg79",
"modified": "2025-11-19T21:31:16Z",
"published": "2025-07-25T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38381"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4cf65845fdd09d711fc7546d60c9abe010956922"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e87fc697fa4be5164e47cfba4ddd4732499adc60"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea20568895c1122f15b6fc9e8d02c6cbe22964f8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ84-FGGF-8PF6
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix null pointer dereference issue
If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.
{
"affected": [],
"aliases": [
"CVE-2026-43131"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix null pointer dereference issue\n\nIf SMU is disabled, during RAS initialization,\nthere will be null pointer dereference issue here.",
"id": "GHSA-pj84-fggf-8pf6",
"modified": "2026-05-08T18:31:27Z",
"published": "2026-05-06T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43131"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1197366cca89a4c44c541ddedb8ce8bf0757993d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e035505fa0e5b7c4306fd3f4e27f8e8f5bfad8c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ8G-XGCW-9P63
Vulnerability from github – Published: 2024-08-08 09:30 – Updated: 2025-03-24 18:30In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix error pbuf checking
Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring().
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace: io_put_bl io_uring/kbuf.c:378 [inline] io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
{
"affected": [],
"aliases": [
"CVE-2024-42254"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-08T09:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix error pbuf checking\n\nSyz reports a problem, which boils down to NULL vs IS_ERR inconsistent\nerror handling in io_alloc_pbuf_ring().\n\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341\nCall Trace:\n \u003cTASK\u003e\n io_put_bl io_uring/kbuf.c:378 [inline]\n io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392\n io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613\n io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd40 kernel/workqueue.c:3390\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"id": "GHSA-pj8g-xgcw-9p63",
"modified": "2025-03-24T18:30:43Z",
"published": "2024-08-08T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42254"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78aefac7efdffddf7889405b7c08e6e0f030fa35"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJFG-6MWR-J367
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
{
"affected": [],
"aliases": [
"CVE-2018-6942"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-13T05:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.",
"id": "GHSA-pjfg-6mwr-j367",
"modified": "2022-05-13T01:12:00Z",
"published": "2022-05-13T01:12:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6942"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3572-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJV9-3C8F-MR4H
Vulnerability from github – Published: 2022-05-17 02:52 – Updated: 2022-05-17 02:52The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
{
"affected": [],
"aliases": [
"CVE-2017-7274"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-27T17:59:00Z",
"severity": "MODERATE"
},
"details": "The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.",
"id": "GHSA-pjv9-3c8f-mr4h",
"modified": "2022-05-17T02:52:23Z",
"published": "2022-05-17T02:52:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7274"
},
{
"type": "WEB",
"url": "https://github.com/radare/radare2/issues/7152"
},
{
"type": "WEB",
"url": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.