CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-QP52-65CQ-8G48
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-19542"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-26T03:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.",
"id": "GHSA-qp52-65cq-8g48",
"modified": "2022-05-13T01:27:18Z",
"published": "2022-05-13T01:27:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19542"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/issues/182"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QP63-W47Q-G9VJ
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-24 18:30In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: ep0: fix NULL pointer exception
There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing.
By adding this validation from the patch we can actually report a wrong index back to the caller.
In our usecase we are using a composite device on an older kernel, but upstream might use this fix also. Unfortunately, I cannot describe the hardware for others to reproduce the issue as it is a proprietary implementation.
[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4 [ 82.966891] Mem abort info: [ 82.969663] ESR = 0x96000006 [ 82.972703] Exception class = DABT (current EL), IL = 32 bits [ 82.978603] SET = 0, FnV = 0 [ 82.981642] EA = 0, S1PTW = 0 [ 82.984765] Data abort info: [ 82.987631] ISV = 0, ISS = 0x00000006 [ 82.991449] CM = 0, WnR = 0 [ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc [ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000 [ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c) [ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1 [ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c [ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94
...
[ 83.141788] Call trace: [ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c [ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94 [ 83.181546] ---[ end trace aac6b5267d84c32f ]---
{
"affected": [],
"aliases": [
"CVE-2021-47269"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: ep0: fix NULL pointer exception\n\nThere is no validation of the index from dwc3_wIndex_to_dep() and we might\nbe referring a non-existing ep and trigger a NULL pointer exception. In\ncertain configurations we might use fewer eps and the index might wrongly\nindicate a larger ep index than existing.\n\nBy adding this validation from the patch we can actually report a wrong\nindex back to the caller.\n\nIn our usecase we are using a composite device on an older kernel, but\nupstream might use this fix also. Unfortunately, I cannot describe the\nhardware for others to reproduce the issue as it is a proprietary\nimplementation.\n\n[ 82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4\n[ 82.966891] Mem abort info:\n[ 82.969663] ESR = 0x96000006\n[ 82.972703] Exception class = DABT (current EL), IL = 32 bits\n[ 82.978603] SET = 0, FnV = 0\n[ 82.981642] EA = 0, S1PTW = 0\n[ 82.984765] Data abort info:\n[ 82.987631] ISV = 0, ISS = 0x00000006\n[ 82.991449] CM = 0, WnR = 0\n[ 82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc\n[ 83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000\n[ 83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP\n[ 83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)\n[ 83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1\n[ 83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)\n[ 83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94\n\n...\n\n[ 83.141788] Call trace:\n[ 83.144227] dwc3_ep0_handle_feature+0x414/0x43c\n[ 83.148823] dwc3_ep0_interrupt+0x3b4/0xc94\n[ 83.181546] ---[ end trace aac6b5267d84c32f ]---",
"id": "GHSA-qp63-w47q-g9vj",
"modified": "2024-12-24T18:30:48Z",
"published": "2024-05-21T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47269"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QP6C-P26Q-WJQF
Vulnerability from github – Published: 2022-05-14 01:47 – Updated: 2022-05-14 01:47A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2018-19532"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-26T02:29:00Z",
"severity": "HIGH"
},
"details": "A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.",
"id": "GHSA-qp6c-p26q-wjqf",
"modified": "2022-05-14T01:47:09Z",
"published": "2022-05-14T01:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19532"
},
{
"type": "WEB",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/podofo/tickets/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QP76-QQR3-XHV8
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash.
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
{
"affected": [],
"aliases": [
"CVE-2025-38693"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"id": "GHSA-qp76-qqr3-xhv8",
"modified": "2026-05-12T15:31:00Z",
"published": "2025-09-05T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38693"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddd1f0e0b6991e4f1b5d08a74de388564b7c4ac6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QP9G-95JM-JWFJ
Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2025-01-16 18:30In the Linux kernel, the following vulnerability has been resolved:
sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of a s64 multiplcation overflow.
Specifically, reweight_eevdf() computes the vlag without considering the limit placed upon vlag as update_entity_lag() does, and then the scaling multiplication (remember that weight is 20bit fixed point) can overflow. This then leads to the new vruntime being weird which then causes the above entity_eligible() to go side-ways and claim nothing is eligible.
Thus limit the range of vlag accordingly.
All this was quite rare, but fatal when it does happen.
{
"affected": [],
"aliases": [
"CVE-2024-35985"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T10:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()\n\nIt was possible to have pick_eevdf() return NULL, which then causes a\nNULL-deref. This turned out to be due to entity_eligible() returning\nfalsely negative because of a s64 multiplcation overflow.\n\nSpecifically, reweight_eevdf() computes the vlag without considering\nthe limit placed upon vlag as update_entity_lag() does, and then the\nscaling multiplication (remember that weight is 20bit fixed point) can\noverflow. This then leads to the new vruntime being weird which then\ncauses the above entity_eligible() to go side-ways and claim nothing\nis eligible.\n\nThus limit the range of vlag accordingly.\n\nAll this was quite rare, but fatal when it does happen.",
"id": "GHSA-qp9g-95jm-jwfj",
"modified": "2025-01-16T18:30:58Z",
"published": "2024-05-20T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35985"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06f27e6d7bf0abf54488259ef36bbf0e1fccb35c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1560d1f6eb6b398bddd80c16676776c0325fe5fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/470d347b14b0ecffa9b39cf8f644fa2351db3efb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QP9J-3HXC-WM7P
Vulnerability from github – Published: 2023-10-26 00:30 – Updated: 2023-11-03 18:30Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.
{
"affected": [],
"aliases": [
"CVE-2023-46345"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-26T00:15:12Z",
"severity": "HIGH"
},
"details": "Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.",
"id": "GHSA-qp9j-3hxc-wm7p",
"modified": "2023-11-03T18:30:23Z",
"published": "2023-10-26T00:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46345"
},
{
"type": "WEB",
"url": "https://gist.github.com/rycbar77/d747b2c37b544ece30b2353a65ab41f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPF6-M6MQ-HCMQ
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: Fix potential NULL pointer dereference
devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset().
Found by Linux Driver Verification project (linuxtesting.org).
[jkosina@suse.cz: rebase]
{
"affected": [],
"aliases": [
"CVE-2021-47380"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix potential NULL pointer dereference\n\ndevm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at\nregistration that will cause NULL pointer dereference since\ncorresponding data is not initialized yet. The patch moves\ninitialization of data before devm_add_action_or_reset().\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[jkosina@suse.cz: rebase]",
"id": "GHSA-qpf6-m6mq-hcmq",
"modified": "2024-12-23T21:30:51Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47380"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d46ef750ed58cbeeba2d9a55c99231c30a172764"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPG7-FJP7-H39J
Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-09 00:00An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-42200"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-qpg7-fjp7-h39j",
"modified": "2022-06-09T00:00:17Z",
"published": "2022-06-03T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42200"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPMJ-GFG7-C4VM
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
{
"affected": [],
"aliases": [
"CVE-2021-25804"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-26T17:15:00Z",
"severity": "HIGH"
},
"details": "A NULL-pointer dereference in \"Open\" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.",
"id": "GHSA-qpmj-gfg7-c4vm",
"modified": "2022-05-24T19:09:12Z",
"published": "2022-05-24T19:09:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25804"
},
{
"type": "WEB",
"url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QPMM-4HHQ-C2QC
Vulnerability from github – Published: 2025-08-07 21:31 – Updated: 2025-08-07 21:31In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
{
"affected": [],
"aliases": [
"CVE-2025-47808"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T20:15:27Z",
"severity": "MODERATE"
},
"details": "In GStreamer through 1.26.1, the subparse plugin\u0027s tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.",
"id": "GHSA-qpmm-4hhq-c2qc",
"modified": "2025-08-07T21:31:08Z",
"published": "2025-08-07T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47808"
},
{
"type": "WEB",
"url": "https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md"
},
{
"type": "WEB",
"url": "https://gstreamer.freedesktop.org/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.