CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-665F-P6V8-5227
Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.
The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-10037"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T13:15:39Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.\nAn attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.",
"id": "GHSA-665f-p6v8-5227",
"modified": "2025-03-25T15:31:29Z",
"published": "2025-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10037"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207\u0026languageCode=en\u0026Preview=true"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-666J-Q553-89QQ
Vulnerability from github – Published: 2025-08-29 18:30 – Updated: 2025-09-19 18:31A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
{
"affected": [],
"aliases": [
"CVE-2025-30275"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T18:15:40Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 4.5.0.7 ( 2025/04/23 ) and later",
"id": "GHSA-666j-q553-89qq",
"modified": "2025-09-19T18:31:21Z",
"published": "2025-08-29T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30275"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6676-VP22-397G
Vulnerability from github – Published: 2022-05-14 01:39 – Updated: 2022-05-14 01:39An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.
{
"affected": [],
"aliases": [
"CVE-2019-6460"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-16T18:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.",
"id": "GHSA-6676-vp22-397g",
"modified": "2022-05-14T01:39:58Z",
"published": "2022-05-14T01:39:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6460"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/recutils"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-66CX-2VHC-36F5
Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2025-21937"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"id": "GHSA-66cx-2vhc-36f5",
"modified": "2025-11-03T21:33:24Z",
"published": "2025-04-01T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21937"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37785a01040cb5d11ed0ddbcbf78491fcd073161"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69fb168b88e4d62cb31cdd725b67ccc5216cfcaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88310caff68ae69d0574859f7926a59c1da2d60b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5845c73cbacf5704169283ef29ca02031a36564"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2176a07e7b19f73e05c805cf3d130a2999154cb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-66HJ-W2GX-RG6C
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
Writing 'power' and 'submit_queues' concurrently will trigger kernel panic:
Test script:
modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done
Test result:
BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150
This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues():
nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL
Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.
{
"affected": [],
"aliases": [
"CVE-2024-36478"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring \u0027power\u0027 and \u0027submit_queues\u0027\n\nWriting \u0027power\u0027 and \u0027submit_queues\u0027 concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 \u003e submit_queues; echo 4 \u003e submit_queues; done \u0026\nwhile true; do echo 1 \u003e power; echo 0 \u003e power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t if (!dev-\u003enullb)\n\t\t\t\t // still set while gendisk is deleted\n\t\t\t\t return 0\n\t\t\t\t blk_mq_update_nr_hw_queues\n dev-\u003enullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.",
"id": "GHSA-66hj-w2gx-rg6c",
"modified": "2025-11-04T00:30:49Z",
"published": "2024-06-21T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36478"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-66JR-C3X5-VXXR
Vulnerability from github – Published: 2025-06-10 21:31 – Updated: 2025-06-10 21:31Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-47111"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T19:15:33Z",
"severity": "MODERATE"
},
"details": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-66jr-c3x5-vxxr",
"modified": "2025-06-10T21:31:23Z",
"published": "2025-06-10T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47111"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-66PX-G893-98MJ
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10Pale Moon 28.8.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site.
{
"affected": [],
"aliases": [
"CVE-2020-9545"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-02T01:15:00Z",
"severity": "MODERATE"
},
"details": "Pale Moon 28.8.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site.",
"id": "GHSA-66px-g893-98mj",
"modified": "2022-05-24T17:10:03Z",
"published": "2022-05-24T17:10:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9545"
},
{
"type": "WEB",
"url": "https://forum.palemoon.org/viewtopic.php?f=37\u0026t=23864"
},
{
"type": "WEB",
"url": "http://www.palemoon.org/releasenotes.shtml"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-66RC-C89H-V5PC
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-16852"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-28T14:29:00Z",
"severity": "MODERATE"
},
"details": "Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.",
"id": "GHSA-66rc-c89h-v5pc",
"modified": "2022-05-13T01:34:05Z",
"published": "2022-05-13T01:34:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16852"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181127-0001"
},
{
"type": "WEB",
"url": "https://www.samba.org/samba/security/CVE-2018-16852.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-66W4-34QW-X386
Vulnerability from github – Published: 2022-05-14 00:58 – Updated: 2022-05-14 00:58ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
{
"affected": [],
"aliases": [
"CVE-2018-19935"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T09:29:00Z",
"severity": "HIGH"
},
"details": "ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.",
"id": "GHSA-66w4-34qw-x386",
"modified": "2022-05-14T00:58:06Z",
"published": "2022-05-14T00:58:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19935"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=77020"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20181221-0003"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4353"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106143"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6723-3R89-PW82
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
staging: bcm2835-camera: Initialise dev in v4l2_dev
Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference.
Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes.
{
"affected": [],
"aliases": [
"CVE-2025-37971"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T17:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: bcm2835-camera: Initialise dev in v4l2_dev\n\nCommit 42a2f6664e18 (\"staging: vc04_services: Move global g_state to\nvchiq_state\") changed mmal_init to pass dev-\u003ev4l2_dev.dev to\nvchiq_mmal_init, however nothing iniitialised dev-\u003ev4l2_dev, so we got\na NULL pointer dereference.\n\nSet dev-\u003ev4l2_dev.dev during bcm2835_mmal_probe. The device pointer\ncould be passed into v4l2_device_register to set it, however that also\nhas other effects that would need additional changes.",
"id": "GHSA-6723-3r89-pw82",
"modified": "2025-11-14T18:31:19Z",
"published": "2025-05-20T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37971"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06753f49336ab161ea0e249a0720125b81b7b31b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98698ca0e58734bc5c1c24e5bbc7429f981cd186"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b70bdd4923e8b8edbacde2af83ca337bb7005261"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.