CWE-395
AllowedUse of NullPointerException Catch to Detect NULL Pointer Dereference
Abstraction: Base · Status: Draft
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
30 vulnerabilities reference this CWE, most recent first.
GHSA-C8H7-RW5F-PM89
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 04:00Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-42878"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:23Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-c8h7-rw5f-pm89",
"modified": "2024-04-04T04:00:01Z",
"published": "2023-05-10T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42878"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CF2P-HQC9-VHMW
Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-08-22 21:31FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.
{
"affected": [],
"aliases": [
"CVE-2024-23076"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T12:15:09Z",
"severity": "HIGH"
},
"details": "FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.",
"id": "GHSA-cf2p-hqc9-vhmw",
"modified": "2024-08-22T21:31:27Z",
"published": "2024-04-10T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23076"
},
{
"type": "WEB",
"url": "https://gist.github.com/LLM4IG/115de1f7c3051403f0301cee0d293518"
},
{
"type": "WEB",
"url": "https://github.com/jfree/jfreechart"
},
{
"type": "WEB",
"url": "http://jfreechart.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9V3-RGCC-7JQH
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2024-36275"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:22Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-g9v3-rgcc-7jqh",
"modified": "2024-11-13T21:30:37Z",
"published": "2024-11-13T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36275"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01189.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HWGQ-3F27-H736
Vulnerability from github – Published: 2024-05-16 21:31 – Updated: 2024-05-16 21:31Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2023-41082"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T21:15:54Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-hwgq-3f27-h736",
"modified": "2024-05-16T21:31:59Z",
"published": "2024-05-16T21:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41082"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JW85-MC7H-C36V
Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.
{
"affected": [],
"aliases": [
"CVE-2022-2832"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-16T21:15:00Z",
"severity": "HIGH"
},
"details": "When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it\u0027s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.",
"id": "GHSA-jw85-mc7h-c36v",
"modified": "2022-08-19T00:00:21Z",
"published": "2022-08-17T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2832"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
},
{
"type": "WEB",
"url": "https://developer.blender.org/D15463"
},
{
"type": "WEB",
"url": "https://developer.blender.org/T99706"
},
{
"type": "WEB",
"url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFP8-JPMH-X36J
Vulnerability from github – Published: 2025-09-11 15:31 – Updated: 2025-11-05 00:31[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
There are multiple issues related to the handling and accessing of guest memory pages in the viridian code:
-
A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466.
-
A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142.
-
A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.
{
"affected": [],
"aliases": [
"CVE-2025-58142"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T14:15:42Z",
"severity": "CRITICAL"
},
"details": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are multiple issues related to the handling and accessing of guest\nmemory pages in the viridian code:\n\n 1. A NULL pointer dereference in the updating of the reference TSC area.\n This is CVE-2025-27466.\n\n 2. A NULL pointer dereference by assuming the SIM page is mapped when\n a synthetic timer message has to be delivered. This is\n CVE-2025-58142.\n\n 3. A race in the mapping of the reference TSC page, where a guest can\n get Xen to free a page while still present in the guest physical to\n machine (p2m) page tables. This is CVE-2025-58143.",
"id": "GHSA-mfp8-jpmh-x36j",
"modified": "2025-11-05T00:31:26Z",
"published": "2025-09-11T15:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58142"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-472.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/09/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-472.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PH8R-8PVQ-X7XC
Vulnerability from github – Published: 2024-05-16 21:32 – Updated: 2024-05-16 21:32NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-48727"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T21:16:01Z",
"severity": "LOW"
},
"details": "NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-ph8r-8pvq-x7xc",
"modified": "2024-05-16T21:32:01Z",
"published": "2024-05-16T21:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48727"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V9X5-9RJ9-J343
Vulnerability from github – Published: 2024-02-29 21:30 – Updated: 2024-08-01 15:31D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-27662"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T20:15:41Z",
"severity": "MODERATE"
},
"details": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-v9x5-9rj9-j343",
"modified": "2024-08-01T15:31:29Z",
"published": "2024-02-29T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27662"
},
{
"type": "WEB",
"url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x4116F0-5befc4a65457482c8c4dcb16910ab820?pvs=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WX7G-7G56-C87J
Vulnerability from github – Published: 2025-09-11 15:31 – Updated: 2025-11-05 00:31[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
There are multiple issues related to the handling and accessing of guest memory pages in the viridian code:
-
A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466.
-
A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142.
-
A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.
{
"affected": [],
"aliases": [
"CVE-2025-27466"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T14:15:41Z",
"severity": "CRITICAL"
},
"details": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are multiple issues related to the handling and accessing of guest\nmemory pages in the viridian code:\n\n 1. A NULL pointer dereference in the updating of the reference TSC area.\n This is CVE-2025-27466.\n\n 2. A NULL pointer dereference by assuming the SIM page is mapped when\n a synthetic timer message has to be delivered. This is\n CVE-2025-58142.\n\n 3. A race in the mapping of the reference TSC page, where a guest can\n get Xen to free a page while still present in the guest physical to\n machine (p2m) page tables. This is CVE-2025-58143.",
"id": "GHSA-wx7g-7g56-c87j",
"modified": "2025-11-05T00:31:26Z",
"published": "2025-09-11T15:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27466"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-472.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/09/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-472.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X33V-F3GP-GW2C
Vulnerability from github – Published: 2022-05-14 02:10 – Updated: 2024-10-15 16:20bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pymongo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-2132"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-08T19:07:51Z",
"nvd_published_at": "2013-08-15T17:55:00Z",
"severity": "MODERATE"
},
"details": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"",
"id": "GHSA-x33v-f3gp-gw2c",
"modified": "2024-10-15T16:20:38Z",
"published": "2022-05-14T02:10:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2132"
},
{
"type": "WEB",
"url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"
},
{
"type": "PACKAGE",
"url": "https://github.com/mongodb/mongo-python-driver"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yaml"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/PYTHON-532"
},
{
"type": "WEB",
"url": "https://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2013/q2/447"
},
{
"type": "WEB",
"url": "https://ubuntu.com/usn/usn-1897-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2013/dsa-2705"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo"
}
Mitigation
Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.
No CAPEC attack patterns related to this CWE.