Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6298 vulnerabilities reference this CWE, most recent first.

GHSA-F975-788F-CHX9

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-21T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.",
  "id": "GHSA-f975-788f-chx9",
  "modified": "2022-05-13T01:31:51Z",
  "published": "2022-05-13T01:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7525"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103394"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F98P-Q24C-XW97

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-12T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.",
  "id": "GHSA-f98p-q24c-xw97",
  "modified": "2022-05-24T19:02:12Z",
  "published": "2022-05-24T19:02:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32611"
    },
    {
      "type": "WEB",
      "url": "http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F9CX-48M4-2XP7

Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2025-11-04 00:30
VLAI
Details

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-14T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-f9cx-48m4-2xp7",
  "modified": "2025-11-04T00:30:30Z",
  "published": "2022-02-15T00:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0582"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/17882"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-04"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2022-04.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9FV-GRCF-QQ4W

Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42
VLAI
Details

In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-9949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-06T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.",
  "id": "GHSA-f9fv-grcf-qq4w",
  "modified": "2022-05-17T02:42:20Z",
  "published": "2022-05-17T02:42:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9949"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-05-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9FX-WVGJ-VVXM

Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2024-08-21 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix ufshcd_abort_one racing issue

When ufshcd_abort_one is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by ISR. Return success when request is completed by ISR because ufshcd_abort_one does not need to do anything.

The racing flow is:

Thread A ufshcd_err_handler step 1 ... ufshcd_abort_one ufshcd_try_to_abort_task ufshcd_cmd_inflight(true) step 3 ufshcd_mcq_req_to_hwq blk_mq_unique_tag rq->mq_hctx->queue_num step 5

Thread B ufs_mtk_mcq_intr(cq complete ISR) step 2 scsi_done ... __blk_mq_free_request rq->mq_hctx = NULL; step 4

Below is KE back trace. ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device. ufshcd_try_to_abort_task: cmd at tag=41 is cleared. Aborting tag 41 / CDB 0x28 succeeded Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194 pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14 lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise] do_mem_abort+0x58/0x118 el1_abort+0x3c/0x5c el1h_64_sync_handler+0x54/0x90 el1h_64_sync+0x68/0x6c blk_mq_unique_tag+0x8/0x14 ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise] process_one_work+0x208/0x4fc worker_thread+0x228/0x438 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T15:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix ufshcd_abort_one racing issue\n\nWhen ufshcd_abort_one is racing with the completion ISR, the completed tag\nof the request\u0027s mq_hctx pointer will be set to NULL by ISR.  Return\nsuccess when request is completed by ISR because ufshcd_abort_one does not\nneed to do anything.\n\nThe racing flow is:\n\nThread A\nufshcd_err_handler\t\t\t\t\tstep 1\n\t...\n\tufshcd_abort_one\n\t\tufshcd_try_to_abort_task\n\t\t\tufshcd_cmd_inflight(true)\tstep 3\n\t\tufshcd_mcq_req_to_hwq\n\t\t\tblk_mq_unique_tag\n\t\t\t\trq-\u003emq_hctx-\u003equeue_num\tstep 5\n\nThread B\nufs_mtk_mcq_intr(cq complete ISR)\t\t\tstep 2\n\tscsi_done\n\t\t...\n\t\t__blk_mq_free_request\n\t\t\trq-\u003emq_hctx = NULL;\t\tstep 4\n\nBelow is KE back trace.\n  ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device.\n  ufshcd_try_to_abort_task: cmd at tag=41 is cleared.\n  Aborting tag 41 / CDB 0x28 succeeded\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194\n  pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14\n  lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise]\n   do_mem_abort+0x58/0x118\n   el1_abort+0x3c/0x5c\n   el1h_64_sync_handler+0x54/0x90\n   el1h_64_sync+0x68/0x6c\n   blk_mq_unique_tag+0x8/0x14\n   ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise]\n   process_one_work+0x208/0x4fc\n   worker_thread+0x228/0x438\n   kthread+0x104/0x1d4\n   ret_from_fork+0x10/0x20",
  "id": "GHSA-f9fx-wvgj-vvxm",
  "modified": "2024-08-21T21:30:45Z",
  "published": "2024-07-29T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41053"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74736103fb4123c71bf11fb7a6abe7c884c5269e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5a6ac887256762758bfe7f2918cb0233aa544f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3111b3cf3889bfa7b73ebff83d7397db9b7e5e0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9MX-XFWP-HVJF

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-10 21:31
VLAI
Details

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T18:16:04Z",
    "severity": "HIGH"
  },
  "details": "A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
  "id": "GHSA-f9mx-xfwp-hvjf",
  "modified": "2025-12-10T21:31:31Z",
  "published": "2025-12-09T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64085"
    },
    {
      "type": "WEB",
      "url": "https://jeroscope.com/advisories/2025/jero-2025-012"
    },
    {
      "type": "WEB",
      "url": "https://www.pdf-xchange.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9P9-JG9G-HHQP

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:07
VLAI
Details

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:23Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.",
  "id": "GHSA-f9p9-jg9g-hhqp",
  "modified": "2024-04-04T07:07:12Z",
  "published": "2023-08-22T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35206"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9Q3-7JWW-GPW7

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-06-29 00:00
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-19T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).",
  "id": "GHSA-f9q3-7jww-gpw7",
  "modified": "2022-06-29T00:00:30Z",
  "published": "2022-05-24T19:02:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20266"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/May/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9RF-C3R2-696Q

Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2025-09-18 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access

When translating source to sink streams in the crossbar subdev, the driver tries to locate the remote subdev connected to the sink pad. The remote pad may be NULL, if userspace tries to enable a stream that ends at an unconnected crossbar sink. When that occurs, the driver dereferences the NULL pad, leading to a crash.

Prevent the crash by checking if the pad is NULL before using it, and return an error if it is.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access\n\nWhen translating source to sink streams in the crossbar subdev, the\ndriver tries to locate the remote subdev connected to the sink pad. The\nremote pad may be NULL, if userspace tries to enable a stream that ends\nat an unconnected crossbar sink. When that occurs, the driver\ndereferences the NULL pad, leading to a crash.\n\nPrevent the crash by checking if the pad is NULL before using it, and\nreturn an error if it is.",
  "id": "GHSA-f9rf-c3r2-696q",
  "modified": "2025-09-18T15:30:21Z",
  "published": "2024-05-01T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52647"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91c8ce42fcde09f1da24acab9013b3e19cb88a4e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4bd29bf5b7f67925bc1abd16069f22dadf5f061"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c95318607fbe8fdd44991a8dad2e44118e6b8812"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb2f932100288dbb881eadfed02e1459c6b9504c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9VG-J4H6-X22W

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00
VLAI
Details

Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile",
  "id": "GHSA-f9vg-j4h6-x22w",
  "modified": "2022-06-23T00:00:28Z",
  "published": "2022-06-15T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35087"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.