CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-7PXG-RRCR-GQM5
Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-17 18:31In the Linux kernel, the following vulnerability has been resolved:
gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer.
Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails.
This improves robustness in low-memory scenarios.
{
"affected": [],
"aliases": [
"CVE-2025-38122"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T09:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"id": "GHSA-7pxg-rrcr-gqm5",
"modified": "2025-12-17T18:31:32Z",
"published": "2025-07-03T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38122"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q33-HQVG-RM4F
Vulnerability from github – Published: 2025-03-04 06:30 – Updated: 2025-03-04 06:30in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2025-21097"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-04T04:15:13Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.",
"id": "GHSA-7q33-hqvg-rm4f",
"modified": "2025-03-04T06:30:33Z",
"published": "2025-03-04T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21097"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7Q5J-M65F-W95R
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2026-05-12 15:30In the Linux kernel, the following vulnerability has been resolved:
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initialized, this can cause NULL pointer dereference.
Normally the delayed start of laundromat_work allows sufficient time for nfsd_ssc initialization to complete. However, when the kernel waits too long for userspace responses (e.g. in nfs4_state_start_net -> nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done -> cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the delayed work may start before nfsd_ssc initialization finishes.
Fix this by moving nfsd_ssc initialization before starting laundromat_work.
{
"affected": [],
"aliases": [
"CVE-2025-38231"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T14:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"id": "GHSA-7q5j-m65f-w95r",
"modified": "2026-05-12T15:30:54Z",
"published": "2025-07-04T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38231"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fccf5f01ed28725cc313a66ca1247eef911d55e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5060e1a5fef184bd11d298e3f0ee920d96a23236"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/83ac1ba8ca102ab5c0ed4351f8ac6e74ac4d5d64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a97668ec6d73dab237cd1c15efe012a10090a4ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b31da62889e6d610114d81dc7a6edbcaa503fcf8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d622c2ee6c08147ab8c9b9e37d93b6e95d3258e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/deaeb74ae9318252829c59a84a7d2316fc335660"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q5M-QV9W-C8XX
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32In the Linux kernel, the following vulnerability has been resolved:
netfilter: revalidate bridge ports
ebt_redirect_tg() dereferences br_port_get_rcu() return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject.
A mere NULL check isn't sufficient, however. As sashiko review points out userspace can not only remove the port from the bridge, it could also place the device in a different virtual device, e.g. macvlan.
If this happens, we must drop the packet, there is no way for us to reinject it into the bridge path.
Switch to _upper API, we don't need the bridge port structure. Also, this fix keeps another bug intact:
Both nfnetlink_log and nfnetlink_queue use CONFIG_BRIDGE_NETFILTER too aggressive, which prevents certain logging features when queueing in bridge family: NETFILTER_FAMILY_BRIDGE can be enabled while the old CONFIG_BRIDGE_NETFILTER cruft is off.
Fixes tag is a common ancestor, this was always broken.
{
"affected": [],
"aliases": [
"CVE-2026-53220"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: revalidate bridge ports\n\nebt_redirect_tg() dereferences br_port_get_rcu() return without a\nNULL check, causing a kernel panic when the bridge port has been\nremoved between the original hook invocation and an NFQUEUE\nreinject.\n\nA mere NULL check isn\u0027t sufficient, however. As sashiko review\npoints out userspace can not only remove the port from the bridge,\nit could also place the device in a different virtual device, e.g.\nmacvlan.\n\nIf this happens, we must drop the packet, there is no way for us to\nreinject it into the bridge path.\n\nSwitch to _upper API, we don\u0027t need the bridge port structure.\nAlso, this fix keeps another bug intact:\n\nBoth nfnetlink_log and nfnetlink_queue use CONFIG_BRIDGE_NETFILTER\ntoo aggressive, which prevents certain logging features when queueing\nin bridge family: NETFILTER_FAMILY_BRIDGE can be enabled while the old\nCONFIG_BRIDGE_NETFILTER cruft is off.\n\nFixes tag is a common ancestor, this was always broken.",
"id": "GHSA-7q5m-qv9w-c8xx",
"modified": "2026-07-02T21:32:05Z",
"published": "2026-06-25T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53220"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43330a1e8aace6b5a8de9aba127e9e394ab49b0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4beffcd726e2a731cea4dc18e1fbc55c8d76f1a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccb9fd4b87538ccf19ccff78ee26700526d94867"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4b1301fd3c9e5e105fd3767c68bc4ba558bb228"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q5P-4JPP-R47W
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
{
"affected": [],
"aliases": [
"CVE-2017-7380"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.",
"id": "GHSA-7q5p-4jpp-r47w",
"modified": "2022-05-17T02:51:00Z",
"published": "2022-05-17T02:51:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7380"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q5Q-96VF-8RG6
Vulnerability from github – Published: 2024-09-04 21:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
rtla/osnoise: Prevent NULL dereference in error handling
If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.
{
"affected": [],
"aliases": [
"CVE-2024-45002"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-04T20:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the \"tool-\u003edata\" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference.",
"id": "GHSA-7q5q-96vf-8rg6",
"modified": "2025-11-04T00:31:23Z",
"published": "2024-09-04T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45002"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q7J-VRXC-WV26
Vulnerability from github – Published: 2022-11-28 12:30 – Updated: 2022-12-01 21:30A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-43589"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-28T11:15:00Z",
"severity": "MODERATE"
},
"details": "A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.",
"id": "GHSA-7q7j-vrxc-wv26",
"modified": "2022-12-01T21:30:20Z",
"published": "2022-11-28T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43589"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1648"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q97-2MWR-62P8
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-17 18:30In the Linux kernel, the following vulnerability has been resolved:
ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer values"), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it.
{
"affected": [],
"aliases": [
"CVE-2025-37912"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()\n\nAs mentioned in the commit baeb705fd6a7 (\"ice: always check VF VSI\npointer values\"), we need to perform a null pointer check on the return\nvalue of ice_get_vf_vsi() before using it.",
"id": "GHSA-7q97-2mwr-62p8",
"modified": "2025-11-17T18:30:23Z",
"published": "2025-05-20T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0561f2e374c3732b90e50f0a244791a4308ec67e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/073791e9cfe6e4a11a6d85816ba87b1aa207493e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/425c5f266b2edeee0ce16fedd8466410cdcfcfe3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a32dcc3b8293600ddc4024731b4d027d4de061a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eae60cfe25d022d7f0321dba4cc23ad8e87ade48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f68237982dc012230550f4ecf7ce286a9c37ddc9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7QCC-G2M9-8533
Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2021-08-19 17:22An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "fltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.15.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28307"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:22:29Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.",
"id": "GHSA-7qcc-g2m9-8533",
"modified": "2021-08-19T17:22:29Z",
"published": "2021-08-25T20:53:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28307"
},
{
"type": "WEB",
"url": "https://github.com/MoAlyousef/fltk-rs/issues/519"
},
{
"type": "PACKAGE",
"url": "https://github.com/MoAlyousef/fltk-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Null pointer deference in fltk"
}
GHSA-7QCM-45JM-FJ5G
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: udp_port: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:
-
Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.
-
current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).
The 'net' structure can be obtained from the table->data using container_of().
Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure.
{
"affected": [],
"aliases": [
"CVE-2025-21637"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"id": "GHSA-7qcm-45jm-fj5g",
"modified": "2025-11-03T21:32:13Z",
"published": "2025-01-19T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21637"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a0966312ac3eedd7f5f2a766ed4702df39a9a65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55627918febdf9d71107a1e68d1528dc591c9a15"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5b77d73f3be5102720fb685b9e6900e3500e1096"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c10377bbc1972d858eaf0ab366a311b39f8ef1b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e919197fb8616331f5dc81e4c3cc3d12769cb725"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.