CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-5444-33R6-WMW7
Vulnerability from github – Published: 2022-01-07 00:00 – Updated: 2023-05-27 06:30A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).
{
"affected": [],
"aliases": [
"CVE-2021-46044"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-06T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).",
"id": "GHSA-5444-33r6-wmw7",
"modified": "2023-05-27T06:30:37Z",
"published": "2022-01-07T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46044"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2006"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-544Q-M99H-WG4H
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-19 18:31A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler dereferences a nil pointer instead of validating the message, causing a panic and terminating the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
{
"affected": [],
"aliases": [
"CVE-2025-65563"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T19:16:33Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler dereferences a nil pointer instead of validating the message, causing a panic and terminating the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF\u0027s N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.",
"id": "GHSA-544q-m99h-wg4h",
"modified": "2025-12-19T18:31:12Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65563"
},
{
"type": "WEB",
"url": "https://github.com/omec-project/upf/issues/955"
},
{
"type": "WEB",
"url": "https://github.com/omec-project/upf/pull/963"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-544V-7W28-M77X
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
{
"affected": [],
"aliases": [
"CVE-2021-46837"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-30T07:15:00Z",
"severity": "MODERATE"
},
"details": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.",
"id": "GHSA-544v-7w28-m77x",
"modified": "2022-09-07T00:01:49Z",
"published": "2022-08-31T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46837"
},
{
"type": "WEB",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-547M-23X7-CXG5
Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:17Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "PaddlePaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-52302"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T20:10:38Z",
"nvd_published_at": "2024-01-03T09:15:09Z",
"severity": "MODERATE"
},
"details": "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
"id": "GHSA-547m-23x7-cxg5",
"modified": "2024-11-22T18:17:42Z",
"published": "2024-01-03T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52302"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "PaddlePaddle null pointer dereference in paddle.nextafter"
}
GHSA-54CH-GJQ5-4976
Vulnerability from github – Published: 2022-05-24 22:12 – Updated: 2022-05-24 22:12Impact
There is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don't yet have support for quantized types (added after migration to TF 2.x):
import numpy as np
import tensorflow as tf
tf.compat.v1.placeholder_with_default(input=np.array([2]),shape=tf.constant(dtype=tf.qint8, value=np.array([1])))
In these scenarios, since the kernel is missing, a nullptr value is passed to ParseDimensionValue for the py_value argument. Then, this is dereferenced, resulting in segfault.
Patches
We have patched the issue in GitHub commit 237822b59fc504dda2c564787f5d3ad9c4aa62d9.
The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hong Jin from Singapore Management University.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29205"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-24T22:12:52Z",
"nvd_published_at": "2022-05-20T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThere is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don\u0027t yet have support for quantized types (added after migration to TF 2.x):\n\n```python\nimport numpy as np\nimport tensorflow as tf\n\ntf.compat.v1.placeholder_with_default(input=np.array([2]),shape=tf.constant(dtype=tf.qint8, value=np.array([1])))\n```\n\nIn these scenarios, since the kernel is missing, a [`nullptr` value is passed](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482) to [`ParseDimensionValue`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320) for the `py_value` argument. Then, this is dereferenced, resulting in segfault.\n\n### Patches\nWe have patched the issue in GitHub commit [237822b59fc504dda2c564787f5d3ad9c4aa62d9](https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Hong Jin from Singapore Management University.",
"id": "GHSA-54ch-gjq5-4976",
"modified": "2022-05-24T22:12:52Z",
"published": "2022-05-24T22:12:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Segfault due to missing support for quantized types"
}
GHSA-54H6-8X6R-VR9V
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2017-10965"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-07T14:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.",
"id": "GHSA-54h6-8x6r-vr9v",
"modified": "2022-05-17T00:26:31Z",
"published": "2022-05-17T00:26:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10965"
},
{
"type": "WEB",
"url": "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291"
},
{
"type": "WEB",
"url": "https://irssi.org/security/irssi_sa_2017_07.txt"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54HC-GQ3W-C935
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2024-11-20 18:32In the Linux kernel, the following vulnerability has been resolved:
drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Add encoder check in intel_hdcp2_get_capability to avoid null pointer error.
{
"affected": [],
"aliases": [
"CVE-2024-53050"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in hdcp2_get_capability\n\nAdd encoder check in intel_hdcp2_get_capability to avoid\nnull pointer error.",
"id": "GHSA-54hc-gq3w-c935",
"modified": "2024-11-20T18:32:16Z",
"published": "2024-11-19T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53050"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b89dcf23575eb5bb95ce8d672cbc2232c2eb096"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d34f4f058edf1235c103ca9c921dc54820d14d40"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54JG-MRHP-6457
Vulnerability from github – Published: 2024-06-07 00:30 – Updated: 2024-10-15 21:30{
"affected": [],
"aliases": [
"CVE-2024-22525"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T22:15:10Z",
"severity": "MODERATE"
},
"details": "dnspod-sr 0dfbd37 contains a SEGV.",
"id": "GHSA-54jg-mrhp-6457",
"modified": "2024-10-15T21:30:35Z",
"published": "2024-06-07T00:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22525"
},
{
"type": "WEB",
"url": "https://github.com/DNSPod/dnspod-sr/issues/61"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54JH-FPRR-26MW
Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2025-04-20 03:48drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
{
"affected": [],
"aliases": [
"CVE-2017-16646"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-07T23:29:00Z",
"severity": "HIGH"
},
"details": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",
"id": "GHSA-54jh-fprr-26mw",
"modified": "2025-04-20T03:48:09Z",
"published": "2022-05-14T03:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16646"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ"
},
{
"type": "WEB",
"url": "https://patchwork.linuxtv.org/patch/45291"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101846"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54P3-947H-6FPR
Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2022-01-28 00:03NULL Pointer Dereference in Homebrew mruby prior to 3.2.
{
"affected": [],
"aliases": [
"CVE-2022-0326"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-21T07:15:00Z",
"severity": "MODERATE"
},
"details": "NULL Pointer Dereference in Homebrew mruby prior to 3.2.",
"id": "GHSA-54p3-947h-6fpr",
"modified": "2022-01-28T00:03:47Z",
"published": "2022-01-22T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0326"
},
{
"type": "WEB",
"url": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.