CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-76W7-8X62-J4QM
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
cpufreq: intel_pstate: Fix crash during turbo disable
When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via:
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
results in a crash:
PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI ... RIP: 0010:store_no_turbo+0x100/0x1f0 ...
This occurs because for_each_possible_cpu() returns CPUs even if they are not online. For those CPUs, all_cpu_data[] will be NULL. Since commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code"), all_cpu_data[] is dereferenced even for CPUs which are not online, causing the NULL pointer dereference.
To fix that, pass CPU number to intel_pstate_update_max_freq() and use all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
{
"affected": [],
"aliases": [
"CVE-2026-23332"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix crash during turbo disable\n\nWhen the system is booted with kernel command line argument \"nosmt\" or\n\"maxcpus\" to limit the number of CPUs, disabling turbo via:\n\n echo 1 \u003e /sys/devices/system/cpu/intel_pstate/no_turbo\n\nresults in a crash:\n\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n ...\n RIP: 0010:store_no_turbo+0x100/0x1f0\n ...\n\nThis occurs because for_each_possible_cpu() returns CPUs even if they\nare not online. For those CPUs, all_cpu_data[] will be NULL. Since\ncommit 973207ae3d7c (\"cpufreq: intel_pstate: Rearrange max frequency\nupdates handling code\"), all_cpu_data[] is dereferenced even for CPUs\nwhich are not online, causing the NULL pointer dereference.\n\nTo fix that, pass CPU number to intel_pstate_update_max_freq() and use\nall_cpu_data[] for those CPUs for which there is a valid cpufreq policy.",
"id": "GHSA-76w7-8x62-j4qm",
"modified": "2026-04-23T21:31:17Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23332"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b050482ec40569429d963ac52afa878691b04c9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1850e2aef4d15405e7ff53fd51c4b3124d46182"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d20d48916ce8531b157c2edeba76d69af2974270"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76W9-9RXF-7928
Vulnerability from github – Published: 2022-05-17 02:58 – Updated: 2025-04-20 03:32The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.
{
"affected": [],
"aliases": [
"CVE-2016-8675"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T21:59:00Z",
"severity": "MODERATE"
},
"details": "The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.",
"id": "GHSA-76w9-9rxf-7928",
"modified": "2025-04-20T03:32:57Z",
"published": "2022-05-17T02:58:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8675"
},
{
"type": "WEB",
"url": "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/13"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93468"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-772M-JQ8V-P5Q6
Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-09 00:00An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2021-42198"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.",
"id": "GHSA-772m-jq8v-p5q6",
"modified": "2022-06-09T00:00:17Z",
"published": "2022-06-03T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42198"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/168"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7732-HQR2-CR7R
Vulnerability from github – Published: 2023-04-16 00:30 – Updated: 2024-04-04 03:29libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
{
"affected": [],
"aliases": [
"CVE-2020-28163"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-16T00:15:00Z",
"severity": "MODERATE"
},
"details": "libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.",
"id": "GHSA-7732-hqr2-cr7r",
"modified": "2024-04-04T03:29:17Z",
"published": "2023-04-16T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28163"
},
{
"type": "WEB",
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
},
{
"type": "WEB",
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7734-VJRV-HJXQ
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
{
"affected": [],
"aliases": [
"CVE-2019-15680"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "MODERATE"
},
"details": "TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.",
"id": "GHSA-7734-vjrv-hjxq",
"modified": "2022-05-24T17:00:02Z",
"published": "2022-05-24T17:00:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15680"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4407-1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2018/12/10/5"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7756-HH2M-CCGC
Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-05-27 06:30The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.
{
"affected": [],
"aliases": [
"CVE-2021-40575"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.",
"id": "GHSA-7756-hh2m-ccgc",
"modified": "2023-05-27T06:30:38Z",
"published": "2022-01-14T00:02:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40575"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1905"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-775V-7JQM-2469
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2025-04-20 03:32The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.
{
"affected": [],
"aliases": [
"CVE-2016-8695"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-31T22:59:00Z",
"severity": "MODERATE"
},
"details": "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.",
"id": "GHSA-775v-7jqm-2469",
"modified": "2025-04-20T03:32:04Z",
"published": "2022-05-17T03:02:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8695"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c"
},
{
"type": "WEB",
"url": "http://potrace.sourceforge.net/ChangeLog"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93778"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-776G-QXH8-7652
Vulnerability from github – Published: 2022-05-17 01:18 – Updated: 2025-04-20 03:43wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
{
"affected": [],
"aliases": [
"CVE-2017-12922"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-28T19:29:00Z",
"severity": "MODERATE"
},
"details": "wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.",
"id": "GHSA-776g-qxh8-7652",
"modified": "2025-04-20T03:43:57Z",
"published": "2022-05-17T01:18:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12922"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-wchar-c"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/08/17/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7797-CC95-P257
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw
This commit addresses a potential null pointer dereference issue in the
dcn30_init_hw function. The issue could occur when dc->clk_mgr or
dc->clk_mgr->funcs is null.
The fix adds a check to ensure dc->clk_mgr and dc->clk_mgr->funcs is
not null before accessing its functions. This prevents a potential null
pointer dereference.
Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628)
{
"affected": [],
"aliases": [
"CVE-2024-49917"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed \u0027dc-\u003eclk_mgr\u0027 could be null (see line 628)",
"id": "GHSA-7797-cc95-p257",
"modified": "2025-11-03T21:31:22Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49917"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/205e3b96cc9aa9211fd2c849a16245cf236b2d36"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23cb6139543580dc36743586ca86fbb3f7ab2c9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5443c83eb8fd2f88c71ced38848fbf744d6206a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56c326577971adc3a230f29dfd3aa3abdd505f5d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cba7fec864172dadd953daefdd26e01742b71a6a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77GG-4HMH-HWXC
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
When a standalone IPv6 nexthop object is created with a loopback device (e.g., "ip -6 nexthop add id 100 dev lo"), fib6_nh_init() misclassifies it as a reject route. This is because nexthop objects have no destination prefix (fc_dst=::), causing fib6_is_reject() to match any loopback nexthop. The reject path skips fib_nh_common_init(), leaving nhc_pcpu_rth_output unallocated. If an IPv4 route later references this nexthop, __mkroute_output() dereferences NULL nhc_pcpu_rth_output and panics.
Simplify the check in fib6_nh_init() to only match explicit reject routes (RTF_REJECT) instead of using fib6_is_reject(). The loopback promotion heuristic in fib6_is_reject() is handled separately by ip6_route_info_create_nh(). After this change, the three cases behave as follows:
-
Explicit reject route ("ip -6 route add unreachable 2001:db8::/64"): RTF_REJECT is set, enters reject path, skips fib_nh_common_init(). No behavior change.
-
Implicit loopback reject route ("ip -6 route add 2001:db8::/32 dev lo"): RTF_REJECT is not set, takes normal path, fib_nh_common_init() is called. ip6_route_info_create_nh() still promotes it to reject afterward. nhc_pcpu_rth_output is allocated but unused, which is harmless.
-
Standalone nexthop object ("ip -6 nexthop add id 100 dev lo"): RTF_REJECT is not set, takes normal path, fib_nh_common_init() is called. nhc_pcpu_rth_output is properly allocated, fixing the crash when IPv4 routes reference this nexthop.
{
"affected": [],
"aliases": [
"CVE-2026-23300"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop\n\nWhen a standalone IPv6 nexthop object is created with a loopback device\n(e.g., \"ip -6 nexthop add id 100 dev lo\"), fib6_nh_init() misclassifies\nit as a reject route. This is because nexthop objects have no destination\nprefix (fc_dst=::), causing fib6_is_reject() to match any loopback\nnexthop. The reject path skips fib_nh_common_init(), leaving\nnhc_pcpu_rth_output unallocated. If an IPv4 route later references this\nnexthop, __mkroute_output() dereferences NULL nhc_pcpu_rth_output and\npanics.\n\nSimplify the check in fib6_nh_init() to only match explicit reject\nroutes (RTF_REJECT) instead of using fib6_is_reject(). The loopback\npromotion heuristic in fib6_is_reject() is handled separately by\nip6_route_info_create_nh(). After this change, the three cases behave\nas follows:\n\n1. Explicit reject route (\"ip -6 route add unreachable 2001:db8::/64\"):\n RTF_REJECT is set, enters reject path, skips fib_nh_common_init().\n No behavior change.\n\n2. Implicit loopback reject route (\"ip -6 route add 2001:db8::/32 dev lo\"):\n RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n called. ip6_route_info_create_nh() still promotes it to reject\n afterward. nhc_pcpu_rth_output is allocated but unused, which is\n harmless.\n\n3. Standalone nexthop object (\"ip -6 nexthop add id 100 dev lo\"):\n RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n called. nhc_pcpu_rth_output is properly allocated, fixing the crash\n when IPv4 routes reference this nexthop.",
"id": "GHSA-77gg-4hmh-hwxc",
"modified": "2026-07-14T15:31:40Z",
"published": "2026-03-25T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23300"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21ec92774d1536f71bdc90b0e3d052eff99cf093"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/607e68c1b7c5a30c795571be1906d716e989a644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8650db85b4259d2885d2a80fbc2317ce24194133"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b299121e7453d23faddf464087dff513a495b4fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b3b5a037d520afe3d5276e653bc0ff516bbda34c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5062fc2150614c9ea8a611c2e0cb6e047ebfa3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c11d7c56c2076ee9cd72004f1976fe0734df2ae9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7c9f8e3607440fe39300efbaf46cf7b5eecb23f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.