CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-QG8H-9C83-R4H2
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
{
"affected": [],
"aliases": [
"CVE-2019-13032"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-28T23:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.",
"id": "GHSA-qg8h-9c83-r4h2",
"modified": "2024-04-04T01:06:46Z",
"published": "2022-05-24T16:49:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13032"
},
{
"type": "WEB",
"url": "https://github.com/Sigil-Ebook/flightcrew/issues/53"
},
{
"type": "WEB",
"url": "https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4055-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG9F-PH29-82PG
Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.
{
"affected": [],
"aliases": [
"CVE-2015-9038"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-18T18:29:00Z",
"severity": "CRITICAL"
},
"details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.",
"id": "GHSA-qg9f-ph29-82pg",
"modified": "2022-05-17T01:58:17Z",
"published": "2022-05-17T01:58:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9038"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG9W-6W4C-Q3PF
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.
{
"affected": [],
"aliases": [
"CVE-2021-28838"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T18:15:00Z",
"severity": "HIGH"
},
"details": "Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi\u0027 operation when a specific network package are sent to the httpd binary.",
"id": "GHSA-qg9w-6w4c-q3pf",
"modified": "2022-05-24T19:10:33Z",
"published": "2022-05-24T19:10:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28838"
},
{
"type": "WEB",
"url": "https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf"
},
{
"type": "WEB",
"url": "https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QGCQ-F5V5-F8V8
Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-10-28 18:30FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
{
"affected": [],
"aliases": [
"CVE-2025-61104"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-28T15:16:13Z",
"severity": "HIGH"
},
"details": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.",
"id": "GHSA-qgcq-f5v5-f8v8",
"modified": "2025-10-28T18:30:28Z",
"published": "2025-10-28T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61104"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/issues/19471"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
},
{
"type": "WEB",
"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61104.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGG6-HJ2R-3X43
Vulnerability from github – Published: 2026-01-09 18:31 – Updated: 2026-01-12 18:30fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.
{
"affected": [],
"aliases": [
"CVE-2025-56225"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-09T16:16:06Z",
"severity": "HIGH"
},
"details": "fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.",
"id": "GHSA-qgg6-hj2r-3x43",
"modified": "2026-01-12T18:30:29Z",
"published": "2026-01-09T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56225"
},
{
"type": "WEB",
"url": "https://github.com/FluidSynth/fluidsynth/issues/1602"
},
{
"type": "WEB",
"url": "https://github.com/FluidSynth/fluidsynth/pull/1607"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGGW-79C9-7RQV
Vulnerability from github – Published: 2025-06-20 15:30 – Updated: 2025-06-23 15:31An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.
{
"affected": [],
"aliases": [
"CVE-2025-48705"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-20T14:15:29Z",
"severity": "HIGH"
},
"details": "An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.",
"id": "GHSA-qggw-79c9-7rqv",
"modified": "2025-06-23T15:31:38Z",
"published": "2025-06-20T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48705"
},
{
"type": "WEB",
"url": "https://syss.de"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-027.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGP7-V6FQ-JXVW
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31In the Linux kernel, the following vulnerability has been resolved:
arm64: fix oops in concurrently setting insn_emulation sysctls
emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops if called concurrently with itself:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 | Internal error: Oops: 96000006 [#1] SMP | Call trace: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handler+0x9c/0xf8 | proc_sys_write+0x18/0x20 | __vfs_write+0x20/0x48 | vfs_write+0xe4/0x1d0 | ksys_write+0x70/0xf8 | __arm64_sys_write+0x20/0x28 | el0_svc_common.constprop.0+0x7c/0x1c0 | el0_svc_handler+0x2c/0xa0 | el0_svc+0x8/0x200
To fix this issue, keep the table->data as &insn->current_mode and use container_of() to retrieve the insn pointer. Another mutex is used to protect against the current_mode update but not for retrieving insn_emulation as table->data is no longer changing.
{
"affected": [],
"aliases": [
"CVE-2022-50206"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:51Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: fix oops in concurrently setting insn_emulation sysctls\n\nemulation_proc_handler() changes table-\u003edata for proc_dointvec_minmax\nand can generate the following Oops if called concurrently with itself:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n | Internal error: Oops: 96000006 [#1] SMP\n | Call trace:\n | update_insn_emulation_mode+0xc0/0x148\n | emulation_proc_handler+0x64/0xb8\n | proc_sys_call_handler+0x9c/0xf8\n | proc_sys_write+0x18/0x20\n | __vfs_write+0x20/0x48\n | vfs_write+0xe4/0x1d0\n | ksys_write+0x70/0xf8\n | __arm64_sys_write+0x20/0x28\n | el0_svc_common.constprop.0+0x7c/0x1c0\n | el0_svc_handler+0x2c/0xa0\n | el0_svc+0x8/0x200\n\nTo fix this issue, keep the table-\u003edata as \u0026insn-\u003ecurrent_mode and\nuse container_of() to retrieve the insn pointer. Another mutex is\nused to protect against the current_mode update but not for retrieving\ninsn_emulation as table-\u003edata is no longer changing.",
"id": "GHSA-qgp7-v6fq-jxvw",
"modified": "2025-11-19T15:31:30Z",
"published": "2025-06-18T12:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50206"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04549063d5701976034d8c2bfda3d3a8cbf0409f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07022e07017ee5540f5559b0aeb916e8383c1e1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/353b4673d01c512303c45cf2346f630cda73b5c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a2fd114678d7fc1b5a0f8865ae98f1c17787455"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d5fec6ba2e4117d196a8259ab54615ffe562460"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af483947d472eccb79e42059276c4deed76f99a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b51881b1da57fe9877125dfdd0aac5172958fcfd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc69ef95988b9ef2fc730ec452a7441efb90ef5e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGPJ-59QM-CX5G
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31In the Linux kernel, the following vulnerability has been resolved:
iio: light: isl29028: Fix the warning in isl29028_remove()
The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too.
The following log reveals it:
[ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI [ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0 [ 32.385461] Call Trace: [ 32.385807] sysfs_unmerge_group+0x59/0x110 [ 32.386110] dpm_sysfs_remove+0x58/0xc0 [ 32.386391] device_del+0x296/0xe50 [ 32.386959] cdev_device_del+0x1d/0xd0 [ 32.387231] devm_iio_device_unreg+0x27/0xb0 [ 32.387542] devres_release_group+0x319/0x3d0 [ 32.388162] i2c_device_remove+0x93/0x1f0
{
"affected": [],
"aliases": [
"CVE-2022-50218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:52Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: isl29028: Fix the warning in isl29028_remove()\n\nThe driver use the non-managed form of the register function in\nisl29028_remove(). To keep the release order as mirroring the ordering\nin probe, the driver should use non-managed form in probe, too.\n\nThe following log reveals it:\n\n[ 32.374955] isl29028 0-0010: remove\n[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0\n[ 32.385461] Call Trace:\n[ 32.385807] sysfs_unmerge_group+0x59/0x110\n[ 32.386110] dpm_sysfs_remove+0x58/0xc0\n[ 32.386391] device_del+0x296/0xe50\n[ 32.386959] cdev_device_del+0x1d/0xd0\n[ 32.387231] devm_iio_device_unreg+0x27/0xb0\n[ 32.387542] devres_release_group+0x319/0x3d0\n[ 32.388162] i2c_device_remove+0x93/0x1f0",
"id": "GHSA-qgpj-59qm-cx5g",
"modified": "2025-11-19T15:31:31Z",
"published": "2025-06-18T12:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50218"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/359f3b150eab30805fe0e4e9d616887d7257a625"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f0ebfb4b9bfad2326c0b2c3cc7e37f4b9ee9eba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1135205b0affd255510775a27df571aca84ab4b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca63d5abf404d2934e2ac03545350de7bb8c8e96"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed43fb20d3d1fca9d79db0d5faf4321a4dd58c23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fac589fb764699a4bcd288f6656b8cd0408ea968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb1888205c0782f287e5dd4ffff1f665332e868c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGPM-JG9J-H3FQ
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-06-03 18:55In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid NULL dereference of timing generator
[Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference.
{
"affected": [],
"aliases": [
"CVE-2023-52753"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid NULL dereference of timing generator\n\n[Why \u0026 How]\nCheck whether assigned timing generator is NULL or not before\naccessing its funcs to prevent NULL dereference.",
"id": "GHSA-qgpm-jg9j-h3fq",
"modified": "2024-06-03T18:55:25Z",
"published": "2024-05-21T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52753"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGQ4-89P9-QFRH
Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2026-05-06 18:30A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
{
"affected": [],
"aliases": [
"CVE-2025-4476"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T18:16:10Z",
"severity": "MODERATE"
},
"details": "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user\u0027s application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user\u0027s client application into connecting to the attacker\u0027s malicious server.",
"id": "GHSA-qgq4-89p9-qfrh",
"modified": "2026-05-06T18:30:23Z",
"published": "2025-05-16T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4476"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-4476"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366513"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/440"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/440"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.