Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-75H9-F495-R8MW

Vulnerability from github – Published: 2022-05-17 00:33 – Updated: 2025-04-20 03:46
VLAI
Details

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.",
  "id": "GHSA-75h9-f495-r8mw",
  "modified": "2025-04-20T03:46:20Z",
  "published": "2022-05-17T00:33:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15019"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/lame/bugs/477"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75M2-92FC-X3MJ

Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2022-05-14 00:03
VLAI
Details

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-03T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
  "id": "GHSA-75m2-92fc-x3mj",
  "modified": "2022-05-14T00:03:40Z",
  "published": "2022-05-04T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20746"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-kM9SHhOu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75XR-XX5Q-8H3V

Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: added NULL check at start of dc_validate_stream

[Why] prevent invalid memory access

[How] check if dc and stream are NULL

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T13:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL",
  "id": "GHSA-75xr-xx5q-8h3v",
  "modified": "2025-11-04T00:31:29Z",
  "published": "2024-09-27T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46802"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75XV-86RC-36X2

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:45
VLAI
Details

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-21T05:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.",
  "id": "GHSA-75xv-86rc-36x2",
  "modified": "2025-04-20T03:45:36Z",
  "published": "2022-05-13T01:17:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/722"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-764P-23V8-XG3P

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:02
VLAI
Details

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-19T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.",
  "id": "GHSA-764p-23v8-xg3p",
  "modified": "2024-04-04T00:02:17Z",
  "published": "2022-05-24T16:44:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5008"
    },
    {
      "type": "WEB",
      "url": "https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD"
    },
    {
      "type": "WEB",
      "url": "https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3978-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7654-46V5-GJ2H

Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2022-05-14 01:00
VLAI
Details

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-22T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.",
  "id": "GHSA-7654-46v5-gj2h",
  "modified": "2022-05-14T01:00:58Z",
  "published": "2022-05-14T01:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20363"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/issues/193"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3989-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106299"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-766M-W6RV-79Q4

Vulnerability from github – Published: 2023-03-01 21:30 – Updated: 2023-03-13 15:30
VLAI
Details

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).",
  "id": "GHSA-766m-w6rv-79q4",
  "modified": "2023-03-13T15:30:18Z",
  "published": "2023-03-01T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/6845667146a28c09b5dfc401c1ad112374087944"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7674-7G97-MWGJ

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2023-03-31 18:30
VLAI
Details

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-21T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.",
  "id": "GHSA-7674-7g97-mwgj",
  "modified": "2023-03-31T18:30:22Z",
  "published": "2022-05-24T16:54:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1900"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76F4-M3P8-6HM8

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-10 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays

Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k' values for the workaround to be effective.

Unfortunately, the new arrays omitted the sentinel entry and so is_midr_in_range_list() will walk off the end when it doesn't find a match. With UBSAN enabled, this leads to a crash during boot when is_midr_in_range_list() is inlined (which was more common prior to c8c2647e69be ("arm64: Make  _midr_in_range_list() an exported function")):

| Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP | pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : spectre_bhb_loop_affected+0x28/0x30 | lr : is_spectre_bhb_affected+0x170/0x190 | [...] | Call trace: | spectre_bhb_loop_affected+0x28/0x30 | update_cpu_capabilities+0xc0/0x184 | init_cpu_features+0x188/0x1a4 | cpuinfo_store_boot_cpu+0x4c/0x60 | smp_prepare_boot_cpu+0x38/0x54 | start_kernel+0x8c/0x478 | __primary_switched+0xc8/0xd4 | Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020) | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: aarch64 BRK: Fatal exception

Add the missing sentinel entries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays\n\nCommit a5951389e58d (\"arm64: errata: Add newer ARM cores to the\nspectre_bhb_loop_affected() lists\") added some additional CPUs to the\nSpectre-BHB workaround, including some new arrays for designs that\nrequire new \u0027k\u0027 values for the workaround to be effective.\n\nUnfortunately, the new arrays omitted the sentinel entry and so\nis_midr_in_range_list() will walk off the end when it doesn\u0027t find a\nmatch. With UBSAN enabled, this leads to a crash during boot when\nis_midr_in_range_list() is inlined (which was more common prior to\nc8c2647e69be (\"arm64: Make \u00a0_midr_in_range_list() an exported\nfunction\")):\n\n |  Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP\n |  pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n |  pc : spectre_bhb_loop_affected+0x28/0x30\n |  lr : is_spectre_bhb_affected+0x170/0x190\n | [...]\n |  Call trace:\n |   spectre_bhb_loop_affected+0x28/0x30\n |   update_cpu_capabilities+0xc0/0x184\n |   init_cpu_features+0x188/0x1a4\n |   cpuinfo_store_boot_cpu+0x4c/0x60\n |   smp_prepare_boot_cpu+0x38/0x54\n |   start_kernel+0x8c/0x478\n |   __primary_switched+0xc8/0xd4\n |  Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020)\n |  ---[ end trace 0000000000000000 ]---\n |  Kernel panic - not syncing: aarch64 BRK: Fatal exception\n\nAdd the missing sentinel entries.",
  "id": "GHSA-76f4-m3p8-6hm8",
  "modified": "2025-11-10T21:30:30Z",
  "published": "2025-05-20T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37929"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e68da90ac00d8b681561aeb8f5d6c47af3a04861"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76F8-P2HG-CF8G

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.",
  "id": "GHSA-76f8-p2hg-cf8g",
  "modified": "2022-04-23T00:03:21Z",
  "published": "2022-04-16T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28049"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nginx/njs/issues/473"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40bc934803c25c9f607ab"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220519-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.