CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6309 vulnerabilities reference this CWE, most recent first.
GHSA-X7XX-Q6M5-JW79
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-08 21:32In the Linux kernel, the following vulnerability has been resolved:
ASoC: imx-audmix: Add NULL check in imx_audmix_probe
devm_kasprintf() can return a NULL pointer on failure,but this returned value in imx_audmix_probe() is not checked. Add NULL check in imx_audmix_probe(), to handle kernel NULL pointer dereference error.
{
"affected": [],
"aliases": [
"CVE-2024-53199"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-audmix: Add NULL check in imx_audmix_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in imx_audmix_probe() is not checked.\nAdd NULL check in imx_audmix_probe(), to handle kernel NULL\npointer dereference error.",
"id": "GHSA-x7xx-q6m5-jw79",
"modified": "2025-01-08T21:32:24Z",
"published": "2024-12-27T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53199"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c040cbe2e13da6454ae4748e04e53d885e1c9603"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc5aa71f39b44d8117b2417dafd0e2884a75dd37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e038f43edaf0083f6aa7c9415d86cf28dfd152f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X82J-M6F3-7F78
Vulnerability from github – Published: 2022-10-20 12:00 – Updated: 2022-10-24 19:00In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.
{
"affected": [],
"aliases": [
"CVE-2022-41787"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-19T22:15:00Z",
"severity": "HIGH"
},
"details": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.",
"id": "GHSA-x82j-m6f3-7f78",
"modified": "2022-10-24T19:00:25Z",
"published": "2022-10-20T12:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41787"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K70569537"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X852-P4X4-VCGF
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2020-35503"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-x852-p4x4-vcgf",
"modified": "2022-05-24T19:03:54Z",
"published": "2022-05-24T19:03:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35503"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210720-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X87M-JMX5-5M6G
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-10-14 19:00An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
{
"affected": [],
"aliases": [
"CVE-2019-20163"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-31T00:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.",
"id": "GHSA-x87m-jmx5-5m6g",
"modified": "2022-10-14T19:00:16Z",
"published": "2022-05-24T17:05:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20163"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1335"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8FR-74RG-389V
Vulnerability from github – Published: 2025-03-07 21:31 – Updated: 2025-03-07 21:31In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
{
"affected": [],
"aliases": [
"CVE-2022-49731"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n\nIn an unlikely (and probably wrong?) case that the \u0027ppi\u0027 parameter of\nata_host_alloc_pinfo() points to an array starting with a NULL pointer,\nthere\u0027s going to be a kernel oops as the \u0027pi\u0027 local variable won\u0027t get\nreassigned from the initial value of NULL. Initialize \u0027pi\u0027 instead to\n\u0027\u0026ata_dummy_port_info\u0027 to fix the possible kernel oops for good...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
"id": "GHSA-x8fr-74rg-389v",
"modified": "2025-03-07T21:31:04Z",
"published": "2025-03-07T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49731"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8RM-M93R-JQP2
Vulnerability from github – Published: 2024-04-05 21:32 – Updated: 2025-06-17 21:31In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-27232"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-05T20:15:07Z",
"severity": "MODERATE"
},
"details": "In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-x8rm-m93r-jqp2",
"modified": "2025-06-17T21:31:38Z",
"published": "2024-04-05T21:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27232"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X8WR-3XMC-RP7M
Vulnerability from github – Published: 2022-05-14 00:58 – Updated: 2022-05-14 00:58An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
{
"affected": [],
"aliases": [
"CVE-2019-10873"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-05T04:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.",
"id": "GHSA-x8wr-3xmc-rp7m",
"modified": "2022-05-14T00:58:03Z",
"published": "2022-05-14T00:58:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10873"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/748"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4042-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107862"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8X6-CPP7-M689
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21336"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:31Z",
"severity": "MODERATE"
},
"details": "Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-x8x6-cpp7-m689",
"modified": "2026-02-10T18:30:42Z",
"published": "2026-02-10T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21336"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X938-FVFW-7JH5
Vulnerability from github – Published: 2022-06-25 07:11 – Updated: 2022-06-25 07:11Impact
A malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. An attacker would already need to be an authenticated user of the Cloud, and only when the authenticated user launches the csidriver then CloudCore may be attacked.
Patches
This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue.
Workarounds
At the time of writing, no workaround exists.
References
NA
Credits
Thanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the kubeedge security policy during a security audit sponsored by CNCF and facilitated by OSTIF.
For more information
If you have any questions or comments about this advisory: * Open an issue in KubeEdge repo * To make a vulnerability report, email your vulnerability to the private cncf-kubeedge-security@lists.cncf.io list with the security details and the details expected for KubeEdge bug reports.
Notes: This vulnerability was found by fuzzing KubeEdge by way of OSS-Fuzz.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kubeedge/kubeedge"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.0"
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kubeedge/kubeedge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31077"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-25T07:11:05Z",
"nvd_published_at": "2022-06-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nA malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. An attacker would already need to be an authenticated user of the Cloud, and only when the authenticated user launches the `csidriver` then CloudCore may be attacked.\n\n### Patches\nThis bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue.\n\n### Workarounds\nAt the time of writing, no workaround exists.\n\n### References\nNA\n\n### Credits\nThanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the [kubeedge security policy](https://github.com/kubeedge/kubeedge/security/policy) during a security audit sponsored by CNCF and facilitated by OSTIF.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [KubeEdge repo](https://github.com/kubeedge/kubeedge/issues/new/choose)\n* To make a vulnerability report, email your vulnerability to the private [cncf-kubeedge-security@lists.cncf.io](mailto:cncf-kubeedge-security@lists.cncf.io) list with the security details and the details expected for [KubeEdge bug reports](https://github.com/kubeedge/kubeedge/blob/master/.github/ISSUE_TEMPLATE/bug-report.md).\n\n**Notes:** This vulnerability was found by fuzzing KubeEdge by way of OSS-Fuzz.",
"id": "GHSA-x938-fvfw-7jh5",
"modified": "2022-06-25T07:11:05Z",
"published": "2022-06-25T07:11:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31077"
},
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/pull/3899"
},
{
"type": "WEB",
"url": "https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubeedge/kubeedge"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server"
}
GHSA-X954-5GXX-H6V4
Vulnerability from github – Published: 2026-02-10 15:30 – Updated: 2026-02-10 15:30A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2025-15571"
],
"database_specific": {
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T15:16:04Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-x954-5gxx-h6v4",
"modified": "2026-02-10T15:30:28Z",
"published": "2026-02-10T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15571"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/263"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/21726331/PoC_NPD.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344931"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344931"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.752603"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.