CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-7M32-W789-G7X4
Vulnerability from github – Published: 2024-02-13 09:30 – Updated: 2024-02-13 09:30A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2024-23799"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T09:15:48Z",
"severity": "LOW"
},
"details": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.",
"id": "GHSA-7m32-w789-g7x4",
"modified": "2024-02-13T09:30:33Z",
"published": "2024-02-13T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23799"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7M75-J44M-F9X9
Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-04 00:00radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
{
"affected": [],
"aliases": [
"CVE-2021-44974"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-25T12:15:00Z",
"severity": "MODERATE"
},
"details": "radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.",
"id": "GHSA-7m75-j44m-f9x9",
"modified": "2022-06-04T00:00:49Z",
"published": "2022-05-26T00:01:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44974"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/issues/19478"
},
{
"type": "WEB",
"url": "https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7M8F-JJ48-X349
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-11-06 18:31In the Linux kernel, the following vulnerability has been resolved:
fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
When vfs_getattr_nosec() calls a filesystem's getattr interface function then the 'nosec' should propagate into this function so that vfs_getattr_nosec() can again be called from the filesystem's gettattr rather than vfs_getattr(). The latter would add unnecessary security checks that the initial vfs_getattr_nosec() call wanted to avoid. Therefore, introduce the getattr flag GETATTR_NOSEC and allow to pass with the new getattr_flags parameter to the getattr interface function. In overlayfs and ecryptfs use this flag to determine which one of the two functions to call.
In a recent code change introduced to IMA vfs_getattr_nosec() ended up calling vfs_getattr() in overlayfs, which in turn called security_inode_getattr() on an exiting process that did not have current->fs set anymore, which then caused a kernel NULL pointer dereference. With this change the call to security_inode_getattr() can be avoided, thus avoiding the NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2023-52779"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Pass AT_GETATTR_NOSEC flag to getattr interface function\n\nWhen vfs_getattr_nosec() calls a filesystem\u0027s getattr interface function\nthen the \u0027nosec\u0027 should propagate into this function so that\nvfs_getattr_nosec() can again be called from the filesystem\u0027s gettattr\nrather than vfs_getattr(). The latter would add unnecessary security\nchecks that the initial vfs_getattr_nosec() call wanted to avoid.\nTherefore, introduce the getattr flag GETATTR_NOSEC and allow to pass\nwith the new getattr_flags parameter to the getattr interface function.\nIn overlayfs and ecryptfs use this flag to determine which one of the\ntwo functions to call.\n\nIn a recent code change introduced to IMA vfs_getattr_nosec() ended up\ncalling vfs_getattr() in overlayfs, which in turn called\nsecurity_inode_getattr() on an exiting process that did not have\ncurrent-\u003efs set anymore, which then caused a kernel NULL pointer\ndereference. With this change the call to security_inode_getattr() can\nbe avoided, thus avoiding the NULL pointer dereference.",
"id": "GHSA-7m8f-jj48-x349",
"modified": "2024-11-06T18:31:04Z",
"published": "2024-05-21T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52779"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MC4-76WJ-7XMH
Vulnerability from github – Published: 2024-12-11 00:31 – Updated: 2024-12-11 00:31Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-53006"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T22:15:24Z",
"severity": "MODERATE"
},
"details": "Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-7mc4-76wj-7xmh",
"modified": "2024-12-11T00:31:27Z",
"published": "2024-12-11T00:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53006"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MCC-HW35-PQWF
Vulnerability from github – Published: 2023-06-19 12:30 – Updated: 2025-11-03 21:30A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
{
"affected": [],
"aliases": [
"CVE-2023-3316"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-19T12:15:09Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.",
"id": "GHSA-7mcc-hw35-pqwf",
"modified": "2025-11-03T21:30:49Z",
"published": "2023-06-19T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3316"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/515"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MGM-QM5V-F8XW
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-39395"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:24Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-7mgm-qm5v-f8xw",
"modified": "2024-08-14T15:31:18Z",
"published": "2024-08-14T15:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39395"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MH5-2FW8-7X58
Vulnerability from github – Published: 2024-05-17 12:31 – Updated: 2025-09-18 18:30In the Linux kernel, the following vulnerability has been resolved:
lib/Kconfig.debug: TEST_IOV_ITER depends on MMU
Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash.
KTAP version 1
# Subtest: iov_iter
# module: kunit_iov_iter
1..9
BUG: failure at mm/nommu.c:318/vmap()! Kernel panic - not syncing: BUG!
The test calls vmap() directly, but vmap() is not supported on nommu systems, causing the crash. TEST_IOV_ITER therefore needs to depend on MMU.
{
"affected": [],
"aliases": [
"CVE-2024-27406"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T12:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\n\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\n\n KTAP version 1\n # Subtest: iov_iter\n # module: kunit_iov_iter\n 1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\n\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU.",
"id": "GHSA-7mh5-2fw8-7x58",
"modified": "2025-09-18T18:30:22Z",
"published": "2024-05-17T12:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27406"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MJ4-V67J-JX8V
Vulnerability from github – Published: 2022-05-17 01:18 – Updated: 2022-05-17 01:18There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-10792"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-02T03:29:00Z",
"severity": "MODERATE"
},
"details": "There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-7mj4-v67j-jx8v",
"modified": "2022-05-17T01:18:36Z",
"published": "2022-05-17T01:18:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10792"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467005"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/pspp-announce/2017-08/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99385"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MRF-FV7Q-M57F
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
It is possible for a pointer of type struct inet_timewait_sock to be returned from the functions __inet_lookup_established() and __inet6_lookup_established(). This can cause a crash when the returned pointer is of type struct inet_timewait_sock and sock_put() is called on it. The following is a crash call stack that shows sk->sk_wmem_alloc being accessed in sk_free() during the call to sock_put() on a struct inet_timewait_sock pointer. To avoid this issue, use sock_gen_put() instead of sock_put() when sk->sk_state is TCP_TIME_WAIT.
mrdump.ko ipanic() + 120 vmlinux notifier_call_chain(nr_to_call=-1, nr_calls=0) + 132 vmlinux atomic_notifier_call_chain(val=0) + 56 vmlinux panic() + 344 vmlinux add_taint() + 164 vmlinux end_report() + 136 vmlinux kasan_report(size=0) + 236 vmlinux report_tag_fault() + 16 vmlinux do_tag_recovery() + 16 vmlinux __do_kernel_fault() + 88 vmlinux do_bad_area() + 28 vmlinux do_tag_check_fault() + 60 vmlinux do_mem_abort() + 80 vmlinux el1_abort() + 56 vmlinux el1h_64_sync_handler() + 124 vmlinux > 0xFFFFFFC080011294() vmlinux __lse_atomic_fetch_add_release(v=0xF2FFFF82A896087C) vmlinux __lse_atomic_fetch_sub_release(v=0xF2FFFF82A896087C) vmlinux arch_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux raw_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8 vmlinux __refcount_sub_and_test(i=1, r=0xF2FFFF82A896087C, oldp=0) + 8 vmlinux __refcount_dec_and_test(r=0xF2FFFF82A896087C, oldp=0) + 8 vmlinux refcount_dec_and_test(r=0xF2FFFF82A896087C) + 8 vmlinux sk_free(sk=0xF2FFFF82A8960700) + 28 vmlinux sock_put() + 48 vmlinux tcp6_check_fraglist_gro() + 236 vmlinux tcp6_gro_receive() + 624 vmlinux ipv6_gro_receive() + 912 vmlinux dev_gro_receive() + 1116 vmlinux napi_gro_receive() + 196 ccmni.ko ccmni_rx_callback() + 208 ccmni.ko ccmni_queue_recv_skb() + 388 ccci_dpmaif.ko dpmaif_rxq_push_thread() + 1088 vmlinux kthread() + 268 vmlinux 0xFFFFFFC08001F30C()
{
"affected": [],
"aliases": [
"CVE-2025-37894"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use sock_gen_put() when sk_state is TCP_TIME_WAIT\n\nIt is possible for a pointer of type struct inet_timewait_sock to be\nreturned from the functions __inet_lookup_established() and\n__inet6_lookup_established(). This can cause a crash when the\nreturned pointer is of type struct inet_timewait_sock and\nsock_put() is called on it. The following is a crash call stack that\nshows sk-\u003esk_wmem_alloc being accessed in sk_free() during the call to\nsock_put() on a struct inet_timewait_sock pointer. To avoid this issue,\nuse sock_gen_put() instead of sock_put() when sk-\u003esk_state\nis TCP_TIME_WAIT.\n\nmrdump.ko ipanic() + 120\nvmlinux notifier_call_chain(nr_to_call=-1, nr_calls=0) + 132\nvmlinux atomic_notifier_call_chain(val=0) + 56\nvmlinux panic() + 344\nvmlinux add_taint() + 164\nvmlinux end_report() + 136\nvmlinux kasan_report(size=0) + 236\nvmlinux report_tag_fault() + 16\nvmlinux do_tag_recovery() + 16\nvmlinux __do_kernel_fault() + 88\nvmlinux do_bad_area() + 28\nvmlinux do_tag_check_fault() + 60\nvmlinux do_mem_abort() + 80\nvmlinux el1_abort() + 56\nvmlinux el1h_64_sync_handler() + 124\nvmlinux \u003e 0xFFFFFFC080011294()\nvmlinux __lse_atomic_fetch_add_release(v=0xF2FFFF82A896087C)\nvmlinux __lse_atomic_fetch_sub_release(v=0xF2FFFF82A896087C)\nvmlinux arch_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)\n+ 8\nvmlinux raw_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)\n+ 8\nvmlinux atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8\nvmlinux __refcount_sub_and_test(i=1, r=0xF2FFFF82A896087C,\noldp=0) + 8\nvmlinux __refcount_dec_and_test(r=0xF2FFFF82A896087C, oldp=0) + 8\nvmlinux refcount_dec_and_test(r=0xF2FFFF82A896087C) + 8\nvmlinux sk_free(sk=0xF2FFFF82A8960700) + 28\nvmlinux sock_put() + 48\nvmlinux tcp6_check_fraglist_gro() + 236\nvmlinux tcp6_gro_receive() + 624\nvmlinux ipv6_gro_receive() + 912\nvmlinux dev_gro_receive() + 1116\nvmlinux napi_gro_receive() + 196\nccmni.ko ccmni_rx_callback() + 208\nccmni.ko ccmni_queue_recv_skb() + 388\nccci_dpmaif.ko dpmaif_rxq_push_thread() + 1088\nvmlinux kthread() + 268\nvmlinux 0xFFFFFFC08001F30C()",
"id": "GHSA-7mrf-fv7q-m57f",
"modified": "2025-11-12T21:31:04Z",
"published": "2025-05-20T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37894"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/786650e644c5b1c063921799ca203c0b8670d79a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0dba059b118b5206e755042b15b49368a388898"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f920436a44295ca791ebb6dae3f4190142eec703"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MV3-85Q3-4CG5
Vulnerability from github – Published: 2022-05-14 01:47 – Updated: 2022-05-14 01:47kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
{
"affected": [],
"aliases": [
"CVE-2018-19406"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-21T00:29:00Z",
"severity": "MODERATE"
},
"details": "kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.",
"id": "GHSA-7mv3-85q3-4cg5",
"modified": "2022-05-14T01:47:09Z",
"published": "2022-05-14T01:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19406"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2018/11/20/411"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.