CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-454X-H9G9-7VMJ
Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2021-12-28 00:01A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
{
"affected": [],
"aliases": [
"CVE-2021-44922"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.",
"id": "GHSA-454x-h9g9-7vmj",
"modified": "2021-12-28T00:01:06Z",
"published": "2021-12-22T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44922"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1969"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4555-4GMG-WPCM
Vulnerability from github – Published: 2022-04-08 00:00 – Updated: 2022-04-16 00:01An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
{
"affected": [],
"aliases": [
"CVE-2022-22513"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-07T19:15:00Z",
"severity": "MODERATE"
},
"details": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.",
"id": "GHSA-4555-4gmg-wpcm",
"modified": "2022-04-16T00:01:30Z",
"published": "2022-04-08T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22513"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-458Q-P5FC-J68H
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
{
"affected": [],
"aliases": [
"CVE-2016-10220"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.",
"id": "GHSA-458q-p5fc-j68h",
"modified": "2022-05-17T00:27:43Z",
"published": "2022-05-17T00:27:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10220"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697450"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-06"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3838"
},
{
"type": "WEB",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45FF-V9GQ-XWW8
Vulnerability from github – Published: 2025-03-12 12:30 – Updated: 2026-05-12 15:30In the Linux kernel, the following vulnerability has been resolved:
smb: client: Add check for next_buffer in receive_encrypted_standard()
Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2025-21844"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-12T10:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"id": "GHSA-45ff-v9gq-xww8",
"modified": "2026-05-12T15:30:50Z",
"published": "2025-03-12T12:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21844"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24e8e4523d3071bc5143b0db9127d511489f7b3b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/554736b583f529ee159aa95af9a0cbc12b5ffc96"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/860ca5e50f73c2a1cef7eefc9d39d04e275417f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e5d99a4cf2e23c716b44862975548415fae5391"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9b0b4b29877cb4dc5d0842b59b5ccbacddb85bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f277e479eea3d1aa18bc712abe1d2bf3dece2e30"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f618aeb6cad2307e48a641379db610abcf593edf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45H5-CQQW-9RJW
Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2024-09-06 15:28A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio, which may lead to DoS when playing a crafted audio file.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aubio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-17554"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-02T22:37:01Z",
"nvd_published_at": "2017-12-12T01:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference (DoS) Vulnerability was found in the function `aubio_source_avcodec_readframe` in io/source_avcodec.c of aubio, which may lead to DoS when playing a crafted audio file.",
"id": "GHSA-45h5-cqqw-9rjw",
"modified": "2024-09-06T15:28:38Z",
"published": "2022-05-14T03:07:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17554"
},
{
"type": "WEB",
"url": "https://github.com/aubio/aubio/commit/a81b12a3b4174953b3bc7ef4c37103f4d5636740"
},
{
"type": "WEB",
"url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/aubio/aubio"
},
{
"type": "WEB",
"url": "https://github.com/aubio/aubio/blob/0.4.7/ChangeLog"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2017-76.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Aubio is vulnerable to a NULL pointer dereference"
}
GHSA-45PW-H44C-JMQC
Vulnerability from github – Published: 2023-12-25 09:30 – Updated: 2023-12-29 21:30C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.
{
"affected": [],
"aliases": [
"CVE-2023-37188"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-25T07:15:09Z",
"severity": "HIGH"
},
"details": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.",
"id": "GHSA-45pw-h44c-jmqc",
"modified": "2023-12-29T21:30:46Z",
"published": "2023-12-25T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37188"
},
{
"type": "WEB",
"url": "https://github.com/Blosc/c-blosc2/issues/521"
},
{
"type": "WEB",
"url": "https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"
},
{
"type": "WEB",
"url": "https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45R6-RWFW-29CQ
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2018-18508"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.",
"id": "GHSA-45r6-rwfw-29cq",
"modified": "2022-05-24T17:31:54Z",
"published": "2022-05-24T17:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18508"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"type": "WEB",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
},
{
"type": "WEB",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-45RH-35P3-X338
Vulnerability from github – Published: 2025-04-23 21:30 – Updated: 2025-11-03 21:33Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.
{
"affected": [],
"aliases": [
"CVE-2025-46400"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-23T21:15:17Z",
"severity": "HIGH"
},
"details": "Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.",
"id": "GHSA-45rh-35p3-x338",
"modified": "2025-11-03T21:33:41Z",
"published": "2025-04-23T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46400"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-46400"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362054"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/mcj/tickets/187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-45W3-V3G4-54PM
Vulnerability from github – Published: 2022-02-11 19:11 – Updated: 2022-09-12 20:44Impact
Several vulnerabilities have been reported in the time and chrono crates related to handling of calls to localtime_r. You can follow some of the discussions here and here, and the associated CVE here. In our case, the issue with the dependency was flagged by our nightly CI build running cargo-audit.
The vulnerability leads to a segfault in specific circumstances - namely, when one of a number of functions in the time crate is called while any other thread is setting an environment variable. Given that in the case of the Parsec service this affects the SPIFFE authenticator, Parsec service users can encounter the issue only when the JWT SVID authenticator is enabled and being used. We have not undergone any manual tracing to understand if the vulnerable methods are called anywhere in our stack, however it seems reasonable to expect that if that were to be the case, the issue would lie in JWT validation (i.e. when handling the dates found within a Json Web Token). JWT validation could thus fail, bringing down the thread in which the request happens. The rest of the threads continue to work. Since the threadpool implementation that we use continues replenishing the pool when one thread panics, the impact on the service should be minimal.
Patches
No current patches exist as the problems lie in a number of dependencies that are not under our control (see more details here).
The issue tracking the required change in the rust-spiffe crate (through which the vulnerable dependencies are imported in Parsec) can be seen here. Once updates happen in our dependency chain that allow us to update beyond the vulnerable versions of time and chrono, a new version of the Parsec service will be tagged and released with the appropriate notifications.
Workarounds
The only complete workaround is to use a different type of authenticator with the Parsec service.
References
As quoted in the initial paragraph, you can find out more information:
* in the chrono repo issue here
* in the time repo issue here
* in the official CVE report here
* in our tracking issue here
For more information:
If you have any questions or comments about this advisory: * Open an issue in the Parsec service repo * Email us at cncf-parsec-maintainers@lists.cncf.io
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "parsec-service"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-11T19:11:36Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\nSeveral vulnerabilities have been reported in the `time` and `chrono` crates related to handling of calls to `localtime_r`. You can follow some of the discussions [here](https://github.com/chronotope/chrono/issues/602) and [here](https://github.com/time-rs/time/issues/293), and the associated CVE [here](https://nvd.nist.gov/vuln/detail/CVE-2020-26235). In our case, the issue with the dependency was flagged by our nightly CI build running [`cargo-audit`](https://github.com/parallaxsecond/parsec/issues/544). \n\nThe vulnerability leads to a segfault in specific circumstances - namely, when one of a number of functions in the `time` crate is called while any other thread is setting an environment variable. Given that in the case of the Parsec service this affects the SPIFFE authenticator, Parsec service users can encounter the issue only when the JWT SVID authenticator is enabled and being used. We have not undergone any manual tracing to understand if the vulnerable methods are called anywhere in our stack, however it seems reasonable to expect that if that were to be the case, the issue would lie in JWT validation (i.e. when handling the dates found within a Json Web Token). JWT validation could thus fail, bringing down the thread in which the request happens. The rest of the threads continue to work. Since the threadpool implementation that we use [continues replenishing the pool](https://docs.rs/threadpool/latest/threadpool/) when one thread panics, the impact on the service should be minimal.\n\n### Patches\nNo current patches exist as the problems lie in a number of dependencies that are not under our control (see more details [here](https://github.com/parallaxsecond/parsec/issues/544#issuecomment-1024185688)).\n\nThe issue tracking the required change in the `rust-spiffe` crate (through which the vulnerable dependencies are imported in Parsec) can be seen [here](https://github.com/maxlambrecht/rust-spiffe/issues/17). Once updates happen in our dependency chain that allow us to update beyond the vulnerable versions of `time` and `chrono`, a new version of the Parsec service will be tagged and released with the appropriate notifications.\n\n### Workarounds\nThe only complete workaround is to use a different type of authenticator with the Parsec service. \n\n### References\nAs quoted in the initial paragraph, you can find out more information:\n* in the `chrono` repo issue [here](https://github.com/chronotope/chrono/issues/602)\n* in the `time` repo issue [here](https://github.com/time-rs/time/issues/293)\n* in the official CVE report [here](https://nvd.nist.gov/vuln/detail/CVE-2020-26235)\n* in our tracking issue [here](https://github.com/parallaxsecond/parsec/issues/544)\n\n### For more information:\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Parsec service repo](https://github.com/parallaxsecond/parsec)\n* Email us at [cncf-parsec-maintainers@lists.cncf.io](mailto:cncf-parsec-maintainers@lists.cncf.io)",
"id": "GHSA-45w3-v3g4-54pm",
"modified": "2022-09-12T20:44:49Z",
"published": "2022-02-11T19:11:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parallaxsecond/parsec/security/advisories/GHSA-45w3-v3g4-54pm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26235"
},
{
"type": "WEB",
"url": "https://github.com/chronotope/chrono/issues/602"
},
{
"type": "WEB",
"url": "https://github.com/parallaxsecond/parsec/issues/544"
},
{
"type": "WEB",
"url": "https://github.com/parallaxsecond/parsec/issues/544#issuecomment-1024185688"
},
{
"type": "WEB",
"url": "https://github.com/time-rs/time/issues/293"
},
{
"type": "PACKAGE",
"url": "https://github.com/parallaxsecond/parsec"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Chrono has potential segfault issue in SPIFFE authenticator"
}
GHSA-463R-P989-2F9J
Vulnerability from github – Published: 2024-07-01 21:31 – Updated: 2024-11-25 18:33Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
{
"affected": [],
"aliases": [
"CVE-2024-36387"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T19:15:03Z",
"severity": "MODERATE"
},
"details": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
"id": "GHSA-463r-p989-2f9j",
"modified": "2024-11-25T18:33:24Z",
"published": "2024-07-01T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240712-0001"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.