Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-WPG9-Q9RC-8CX9

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.",
  "id": "GHSA-wpg9-q9rc-8cx9",
  "modified": "2022-04-23T00:03:14Z",
  "published": "2022-04-16T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44501"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/fis-gtm/files"
    },
    {
      "type": "WEB",
      "url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPHX-9M7P-VHWC

Vulnerability from github – Published: 2022-05-01 17:41 – Updated: 2022-05-01 17:41
VLAI
Details

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-0039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-08T23:19:00Z",
    "severity": "HIGH"
  },
  "details": "The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.",
  "id": "GHSA-wphx-9m7p-vhwc",
  "modified": "2022-05-01T17:41:23Z",
  "published": "2022-05-01T17:41:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0039"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33888"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25183"
    },
    {
      "type": "WEB",
      "url": "http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/34390"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/468047/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23808"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018015"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1711"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WPMX-4JMR-JX6R

Vulnerability from github – Published: 2023-08-29 06:30 – Updated: 2023-11-15 06:30
VLAI
Details

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-29T04:15:16Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.",
  "id": "GHSA-wpmx-4jmr-jx6r",
  "modified": "2023-11-15T06:30:28Z",
  "published": "2023-08-29T06:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41358"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FRRouting/frr/pull/14260"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5495"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPR2-JMM7-J55J

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.",
  "id": "GHSA-wpr2-jmm7-j55j",
  "modified": "2022-05-13T01:03:25Z",
  "published": "2022-05-13T01:03:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5041"
    },
    {
      "type": "WEB",
      "url": "https://www.prevanders.net/dwarfbug.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPR8-M35F-2W5C

Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31
VLAI
Details

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.

Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T23:17:04Z",
    "severity": "HIGH"
  },
  "details": "An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.\n\nStrict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.",
  "id": "GHSA-wpr8-m35f-2w5c",
  "modified": "2026-06-10T00:31:50Z",
  "published": "2026-06-10T00:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9752"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-123440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WPRV-4WQ2-C8JP

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads

The pads missed checks for connected devices which may a null dereference when the stream is enabled.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rkcif: Add missing MUST_CONNECT flag to pads\n\nThe pads missed checks for connected devices which may a null dereference\nwhen the stream is enabled.\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000020\npc : rkcif_interface_enable_streams+0x48/0xf0\nlr : rkcif_interface_enable_streams+0x44/0xf0\nCall trace:\n rkcif_interface_enable_streams+0x48/0xf0\n v4l2_subdev_enable_streams+0x26c/0x3f0\n rkcif_stream_start_streaming+0x140/0x278\n vb2_start_streaming+0x74/0x188\n vb2_core_streamon+0xe0/0x1d8\n vb2_ioctl_streamon+0x60/0xa8\n v4l_streamon+0x2c/0x40\n __video_do_ioctl+0x34c/0x400\n video_usercopy+0x2d0/0x800\n video_ioctl2+0x20/0x60\n v4l2_ioctl+0x48/0x78",
  "id": "GHSA-wprv-4wq2-c8jp",
  "modified": "2026-06-10T21:31:25Z",
  "published": "2026-05-28T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ3X-CWMW-CM9J

Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-20 03:43
VLAI
Details

The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-27T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.",
  "id": "GHSA-wq3x-cwmw-cm9j",
  "modified": "2025-04-20T03:43:51Z",
  "published": "2022-05-17T01:22:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13710"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0c54f69295208331faab9bc5e995111a35672f9b"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100499"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ43-RQVV-V7RP

Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25
VLAI
Details

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.",
  "id": "GHSA-wq43-rqvv-v7rp",
  "modified": "2022-05-14T03:25:49Z",
  "published": "2022-05-14T03:25:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9149"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ92-R227-XXXP

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: lights: avoid NULL deref

gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL.

Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: greybus: lights: avoid NULL deref\n\ngb_lights_light_config() stores channel_count before allocating the\nchannels array. If kcalloc() fails, gb_lights_release() iterates the\nnon-zero count and dereferences light-\u003echannels, which is NULL.\n\nAllocate channels first and only then publish channels_count so the\ncleanup path can\u0027t walk a NULL pointer.",
  "id": "GHSA-wq92-r227-xxxp",
  "modified": "2026-06-16T03:30:33Z",
  "published": "2026-05-27T15:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45978"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01b91cb3e748032fd96bbe0043812b426a52f091"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06162d85f830582da6e9e5fcf9c9504d6da9ae0b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cbe694d235d96f628ec7dc6ae4d8bdddb768699"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65f2c608096d766540953d9b170d216aa3b5eb95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a118724d7641b832fa14323e2733e28ae4834552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba5022162da63059bae36c4fd84d7031f582c71f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da46264a7016034a5bbbad034c012ef218b7d0af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/efcffd9a6ad8d190651498d5eda53bfc7cf683a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQCW-WH9G-67RG

Vulnerability from github – Published: 2025-03-03 03:31 – Updated: 2025-03-03 15:31
VLAI
Details

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T03:15:09Z",
    "severity": "HIGH"
  },
  "details": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 /  MOLY01067019; Issue ID: MSV-2721.",
  "id": "GHSA-wqcw-wh9g-67rg",
  "modified": "2025-03-03T15:31:25Z",
  "published": "2025-03-03T03:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20647"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/March-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.