CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-4C54-JJ6J-3J34
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
wifi: wl1251: validate packet IDs before indexing tx_frames
wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the callback does not currently verify that it fits the array before dereferencing it.
Reject completion IDs that fall outside wl->tx_frames[] and keep the existing NULL check in the same guard. This keeps the fix local to the trust boundary and avoids touching the rest of the completion flow.
{
"affected": [],
"aliases": [
"CVE-2026-43113"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wl1251: validate packet IDs before indexing tx_frames\n\nwl1251_tx_packet_cb() uses the firmware completion ID directly to index\nthe fixed 16-entry wl-\u003etx_frames[] array. The ID is a raw u8 from the\ncompletion block, and the callback does not currently verify that it\nfits the array before dereferencing it.\n\nReject completion IDs that fall outside wl-\u003etx_frames[] and keep the\nexisting NULL check in the same guard. This keeps the fix local to the\ntrust boundary and avoids touching the rest of the completion flow.",
"id": "GHSA-4c54-jj6j-3j34",
"modified": "2026-06-01T18:31:30Z",
"published": "2026-05-06T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43113"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6509dbece7339dbc8980c706b9d623119a6de105"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8a11a876f0a97061ee5d9e61d0f5a0df7e241c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0dc1ad870d6788b049bfe1511ac75b2333a7550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4C88-2H2M-GJMM
Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix smatch static checker warning
adev->gfx.imu.funcs could be NULL
{
"affected": [],
"aliases": [
"CVE-2024-46835"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T13:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev-\u003egfx.imu.funcs could be NULL",
"id": "GHSA-4c88-2h2m-gjmm",
"modified": "2025-11-04T00:31:31Z",
"published": "2024-09-27T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46835"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4C94-48C4-M77X
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2025-04-20 03:32The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
{
"affected": [],
"aliases": [
"CVE-2016-8690"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T19:59:00Z",
"severity": "MODERATE"
},
"details": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.",
"id": "GHSA-4c94-48c4-m77x",
"modified": "2025-04-20T03:32:56Z",
"published": "2022-05-14T01:57:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8690"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385499"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/23/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93590"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4CMC-V7WX-GXJQ
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21350"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:32Z",
"severity": "MODERATE"
},
"details": "After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4cmc-v7wx-gxjq",
"modified": "2026-02-10T18:30:42Z",
"published": "2026-02-10T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21350"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb26-15.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4CPF-HVFQ-QWQ6
Vulnerability from github – Published: 2021-11-23 00:00 – Updated: 2022-03-17 00:06Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-42733"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-22T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4cpf-hvfq-qwq6",
"modified": "2022-03-17T00:06:43Z",
"published": "2021-11-23T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42733"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4CRX-48P2-6MJX
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-32284"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-20T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-4crx-48p2-6mjx",
"modified": "2022-05-24T19:15:13Z",
"published": "2022-05-24T19:15:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32284"
},
{
"type": "WEB",
"url": "https://github.com/marcobambini/gravity/issues/321"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4CXP-JJ37-CMRX
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 15:31A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP Initial UE Message packet missing an expected EUTRAN_CGI field.
{
"affected": [],
"aliases": [
"CVE-2023-37033"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:10Z",
"severity": "MODERATE"
},
"details": "A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field.",
"id": "GHSA-4cxp-jj37-cmrx",
"modified": "2025-01-23T15:31:05Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37033"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F59-X6GM-7H9H
Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \.\Viragtlt.
{
"affected": [],
"aliases": [
"CVE-2017-17049"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-29T03:29:00Z",
"severity": "HIGH"
},
"details": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\\\.\\Viragtlt.",
"id": "GHSA-4f59-x6gm-7h9h",
"modified": "2022-05-17T00:14:09Z",
"published": "2022-05-17T00:14:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17049"
},
{
"type": "WEB",
"url": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerReference_0x82730010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F5W-42G5-F95Q
Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21288"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T19:16:26Z",
"severity": "MODERATE"
},
"details": "Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-4f5w-42g5-f95q",
"modified": "2026-01-13T21:31:44Z",
"published": "2026-01-13T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21288"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator/apsb26-03.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F5W-5X35-7VGH
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.
{
"affected": [],
"aliases": [
"CVE-2018-14884"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-03T13:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.",
"id": "GHSA-4f5w-5x35-7vgh",
"modified": "2022-05-14T00:53:49Z",
"published": "2022-05-14T00:53:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14884"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=75535"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181107-0003"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-7.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.