Common Weakness Enumeration

CWE-395

Allowed

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Abstraction: Base · Status: Draft

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

30 vulnerabilities reference this CWE, most recent first.

GHSA-C8H7-RW5F-PM89

Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 04:00
VLAI
Details

Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-10T14:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-c8h7-rw5f-pm89",
  "modified": "2024-04-04T04:00:01Z",
  "published": "2023-05-10T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42878"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF2P-HQC9-VHMW

Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-08-22 21:31
VLAI
Details

FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T12:15:09Z",
    "severity": "HIGH"
  },
  "details": "FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.",
  "id": "GHSA-cf2p-hqc9-vhmw",
  "modified": "2024-08-22T21:31:27Z",
  "published": "2024-04-10T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23076"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/LLM4IG/115de1f7c3051403f0301cee0d293518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jfree/jfreechart"
    },
    {
      "type": "WEB",
      "url": "http://jfreechart.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9V3-RGCC-7JQH

Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30
VLAI
Details

NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T21:15:22Z",
    "severity": "MODERATE"
  },
  "details": "NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-g9v3-rgcc-7jqh",
  "modified": "2024-11-13T21:30:37Z",
  "published": "2024-11-13T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36275"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01189.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HWGQ-3F27-H736

Vulnerability from github – Published: 2024-05-16 21:31 – Updated: 2024-05-16 21:31
VLAI
Details

Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T21:15:54Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-hwgq-3f27-h736",
  "modified": "2024-05-16T21:31:59Z",
  "published": "2024-05-16T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41082"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JW85-MC7H-C36V

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00
VLAI
Details

When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it\u0027s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.",
  "id": "GHSA-jw85-mc7h-c36v",
  "modified": "2022-08-19T00:00:21Z",
  "published": "2022-08-17T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:7058"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/D15463"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/T99706"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFP8-JPMH-X36J

Vulnerability from github – Published: 2025-09-11 15:31 – Updated: 2025-11-05 00:31
VLAI
Details

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

There are multiple issues related to the handling and accessing of guest memory pages in the viridian code:

  1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466.

  2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142.

  3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-11T14:15:42Z",
    "severity": "CRITICAL"
  },
  "details": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are multiple issues related to the handling and accessing of guest\nmemory pages in the viridian code:\n\n 1. A NULL pointer dereference in the updating of the reference TSC area.\n    This is CVE-2025-27466.\n\n 2. A NULL pointer dereference by assuming the SIM page is mapped when\n    a synthetic timer message has to be delivered.  This is\n    CVE-2025-58142.\n\n 3. A race in the mapping of the reference TSC page, where a guest can\n    get Xen to free a page while still present in the guest physical to\n    machine (p2m) page tables.  This is CVE-2025-58143.",
  "id": "GHSA-mfp8-jpmh-x36j",
  "modified": "2025-11-05T00:31:26Z",
  "published": "2025-09-11T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58142"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-472.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/09/1"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-472.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PH8R-8PVQ-X7XC

Vulnerability from github – Published: 2024-05-16 21:32 – Updated: 2024-05-16 21:32
VLAI
Details

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T21:16:01Z",
    "severity": "LOW"
  },
  "details": "NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-ph8r-8pvq-x7xc",
  "modified": "2024-05-16T21:32:01Z",
  "published": "2024-05-16T21:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48727"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9X5-9RJ9-J343

Vulnerability from github – Published: 2024-02-29 21:30 – Updated: 2024-08-01 15:31
VLAI
Details

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T20:15:41Z",
    "severity": "MODERATE"
  },
  "details": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
  "id": "GHSA-v9x5-9rj9-j343",
  "modified": "2024-08-01T15:31:29Z",
  "published": "2024-02-29T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27662"
    },
    {
      "type": "WEB",
      "url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x4116F0-5befc4a65457482c8c4dcb16910ab820?pvs=4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WX7G-7G56-C87J

Vulnerability from github – Published: 2025-09-11 15:31 – Updated: 2025-11-05 00:31
VLAI
Details

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

There are multiple issues related to the handling and accessing of guest memory pages in the viridian code:

  1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466.

  2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142.

  3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-11T14:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are multiple issues related to the handling and accessing of guest\nmemory pages in the viridian code:\n\n 1. A NULL pointer dereference in the updating of the reference TSC area.\n    This is CVE-2025-27466.\n\n 2. A NULL pointer dereference by assuming the SIM page is mapped when\n    a synthetic timer message has to be delivered.  This is\n    CVE-2025-58142.\n\n 3. A race in the mapping of the reference TSC page, where a guest can\n    get Xen to free a page while still present in the guest physical to\n    machine (p2m) page tables.  This is CVE-2025-58143.",
  "id": "GHSA-wx7g-7g56-c87j",
  "modified": "2025-11-05T00:31:26Z",
  "published": "2025-09-11T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27466"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-472.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/09/1"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-472.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X33V-F3GP-GW2C

Vulnerability from github – Published: 2022-05-14 02:10 – Updated: 2024-10-15 16:20
VLAI
Summary
Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo
Details

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pymongo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-2132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:07:51Z",
    "nvd_published_at": "2013-08-15T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"",
  "id": "GHSA-x33v-f3gp-gw2c",
  "modified": "2024-10-15T16:20:38Z",
  "published": "2022-05-14T02:10:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mongodb/mongo-python-driver"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yaml"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/PYTHON-532"
    },
    {
      "type": "WEB",
      "url": "https://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/oss-sec/2013/q2/447"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/usn/usn-1897-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2013/dsa-2705"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo"
}

Mitigation
Architecture and Design Implementation

Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.

No CAPEC attack patterns related to this CWE.