CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-6WMM-RQ3J-5C47
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-07 18:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: fix NULL dereference in get_queue_ids()
When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NULL) == false the check passes, and suspend_queues() calls q_array_invalidate() which immediately dereferences NULL while iterating num_queues times.
Userspace can trigger this via kfd_ioctl_set_debug_trap() by supplying num_queues > 0 with a zero queue_array_ptr, causing a kernel panic.
A NULL usr_queue_id_array with num_queues == 0 is a legitimate no-op (q_array_invalidate never executes, and resume_queues already guards all queue_ids dereferences behind a NULL check). Return ERR_PTR(-EINVAL) only when num_queues is non-zero and the pointer is absent; both callers already propagate IS_ERR() returns correctly to userspace.
(cherry picked from commit f165a82cdf503884bb1797771c61b2fcc72113d4)
{
"affected": [],
"aliases": [
"CVE-2026-53144"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix NULL dereference in get_queue_ids()\n\nWhen usr_queue_id_array is NULL and num_queues is non-zero,\nget_queue_ids() returns NULL. The callers check only IS_ERR() on the\nreturn value; since IS_ERR(NULL) == false the check passes, and\nsuspend_queues() calls q_array_invalidate() which immediately\ndereferences NULL while iterating num_queues times.\n\nUserspace can trigger this via kfd_ioctl_set_debug_trap() by supplying\nnum_queues \u003e 0 with a zero queue_array_ptr, causing a kernel panic.\n\nA NULL usr_queue_id_array with num_queues == 0 is a legitimate no-op\n(q_array_invalidate never executes, and resume_queues already guards\nall queue_ids dereferences behind a NULL check). Return ERR_PTR(-EINVAL)\nonly when num_queues is non-zero and the pointer is absent; both callers\nalready propagate IS_ERR() returns correctly to userspace.\n\n(cherry picked from commit f165a82cdf503884bb1797771c61b2fcc72113d4)",
"id": "GHSA-6wmm-rq3j-5c47",
"modified": "2026-07-07T18:30:28Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53144"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bd550b547deabef98bd3b017ff743b7c34d3a6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/62bd09e23a23da70f9aae02748eba3e6bd93095d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72e259a32084c42816152c346096d2edd4213e23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/daeceb0fe2a19651c58bbfa3d9d515ecb6ca8996"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1965e8913cfbf17622ca12638e7a07f68ba0848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WQ6-XJ8V-GVFQ
Vulnerability from github – Published: 2024-06-24 15:31 – Updated: 2025-02-03 18:30In the Linux kernel, the following vulnerability has been resolved:
fpga: region: add owner module and take its refcount
The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the region during programming if the parent device does not have a driver.
To address this problem, add a module owner pointer to the fpga_region struct and use it to take the module's refcount. Modify the functions for registering a region to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the region as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a region without setting the owner.
Also, update the documentation to keep it consistent with the new interface for registering an fpga region.
{
"affected": [],
"aliases": [
"CVE-2024-35247"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-24T14:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: region: add owner module and take its refcount\n\nThe current implementation of the fpga region assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the region\nduring programming if the parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_region\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering a region to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the region as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a region without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga region.",
"id": "GHSA-6wq6-xj8v-gvfq",
"modified": "2025-02-03T18:30:37Z",
"published": "2024-06-24T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35247"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WQW-FV93-6J54
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-62466"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:58Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-6wqw-fv93-6j54",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62466"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WX9-5WQ9-RR87
Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-26 21:30A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2025-57623"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T18:15:43Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.",
"id": "GHSA-6wx9-5wq9-rr87",
"modified": "2025-09-26T21:30:28Z",
"published": "2025-09-25T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57623"
},
{
"type": "WEB",
"url": "https://gist.github.com/z472421519/d17061ea79a72d39fe69c000fa1a6280"
},
{
"type": "WEB",
"url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/NPD/TOTOLink/CONTENT_LENGTH.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6X25-7HX6-JXF2
Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2024-09-09 15:30In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer dereference. A leak in the rules also previously occurred since there are now two rules populated related to status.
BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 109907067 P4D 109907067 PUD 116890067 PMD 0 Oops: 0000 [#1] SMP CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70 Call Trace: ? show_regs+0x60/0x70 ? __die+0x24/0x70 ? page_fault_oops+0x15f/0x430 ? free_to_partial_list.constprop.0+0x79/0x150 ? do_user_addr_fault+0x2c9/0x5c0 ? exc_page_fault+0x63/0x110 ? asm_exc_page_fault+0x27/0x30 ? mlx5_modify_header_dealloc+0xd/0x70 rx_create+0x374/0x590 rx_add_rule+0x3ad/0x500 ? rx_add_rule+0x3ad/0x500 ? mlx5_cmd_exec+0x2c/0x40 ? mlx5_create_ipsec_obj+0xd6/0x200 mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0 mlx5e_xfrm_add_state+0x426/0xc00
{
"affected": [],
"aliases": [
"CVE-2024-36281"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules\n\nrx_create no longer allocates a modify_hdr instance that needs to be\ncleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer\ndereference. A leak in the rules also previously occurred since there are\nnow two rules populated related to status.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 109907067 P4D 109907067 PUD 116890067 PMD 0\n Oops: 0000 [#1] SMP\n CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70\n \u003csnip\u003e\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x60/0x70\n ? __die+0x24/0x70\n ? page_fault_oops+0x15f/0x430\n ? free_to_partial_list.constprop.0+0x79/0x150\n ? do_user_addr_fault+0x2c9/0x5c0\n ? exc_page_fault+0x63/0x110\n ? asm_exc_page_fault+0x27/0x30\n ? mlx5_modify_header_dealloc+0xd/0x70\n rx_create+0x374/0x590\n rx_add_rule+0x3ad/0x500\n ? rx_add_rule+0x3ad/0x500\n ? mlx5_cmd_exec+0x2c/0x40\n ? mlx5_create_ipsec_obj+0xd6/0x200\n mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0\n mlx5e_xfrm_add_state+0x426/0xc00\n \u003csnip\u003e",
"id": "GHSA-6x25-7hx6-jxf2",
"modified": "2024-09-09T15:30:37Z",
"published": "2024-06-21T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36281"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0a15cde37a8388e57573686f650a17208ae1212"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc9ac559f2e21894c21ac5b0c85fb24a5cab266c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X27-FRWR-PW8H
Vulnerability from github – Published: 2026-06-13 00:34 – Updated: 2026-06-13 00:34Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.
{
"affected": [],
"aliases": [
"CVE-2025-7018"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T22:16:49Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process.\n\nThis issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.",
"id": "GHSA-6x27-frwr-pw8h",
"modified": "2026-06-13T00:34:31Z",
"published": "2026-06-13T00:34:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7018"
},
{
"type": "WEB",
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X2M-4V7J-22H4
Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2022-09-23 00:00XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
{
"affected": [],
"aliases": [
"CVE-2022-38928"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-21T13:15:00Z",
"severity": "HIGH"
},
"details": "XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.",
"id": "GHSA-6x2m-4v7j-22h4",
"modified": "2022-09-23T00:00:41Z",
"published": "2022-09-22T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38928"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X52-X3XM-XR89
Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31In the Linux kernel, the following vulnerability has been resolved:
pinctrl: ralink: Check for null return of devm_kcalloc
Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and directly return -ENOMEM without releasing data manually if fails, because the comment of the devm_kmalloc() says "Memory allocated with this function is automatically freed on driver detach.".
{
"affected": [],
"aliases": [
"CVE-2022-49608"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ralink: Check for null return of devm_kcalloc\n\nBecause of the possible failure of the allocation, data-\u003edomains might\nbe NULL pointer and will cause the dereference of the NULL pointer\nlater.\nTherefore, it might be better to check it and directly return -ENOMEM\nwithout releasing data manually if fails, because the comment of the\ndevm_kmalloc() says \"Memory allocated with this function is\nautomatically freed on driver detach.\".",
"id": "GHSA-6x52-x3xm-xr89",
"modified": "2025-03-12T00:31:46Z",
"published": "2025-03-12T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49608"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13596e6c9e541e90e5fc2c52b23f08b951370da9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44016a85419ca0d4f1e4d0127b330f8e4e2a57d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5595d30c4dc27d939635c3188c68203b6ece1711"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5694b162f275fb9a9f89422701b2b963be11e496"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6194c021496addc11763d1ffa89ce5751889fe3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3b821e8e406d5650e587b7ac624ac24e9b780a8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X7G-3W67-HJ7P
Vulnerability from github – Published: 2024-02-14 18:30 – Updated: 2024-12-12 21:30When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2024-23308"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-14T17:15:13Z",
"severity": "HIGH"
},
"details": "\nWhen a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with \"Apply value and content signatures and detect threat campaigns.\"\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-6x7g-3w67-hj7p",
"modified": "2024-12-12T21:30:45Z",
"published": "2024-02-14T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23308"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000137416"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X8F-VPGX-H5H9
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-12-30 18:30In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev setup
Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.
Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.
{
"affected": [],
"aliases": [
"CVE-2024-35850"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev setup\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller.",
"id": "GHSA-6x8f-vpgx-h5h9",
"modified": "2024-12-30T18:30:40Z",
"published": "2024-05-17T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35850"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.