CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-WPG9-Q9RC-8CX9
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2021-44501"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.",
"id": "GHSA-wpg9-q9rc-8cx9",
"modified": "2022-04-23T00:03:14Z",
"published": "2022-04-16T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44501"
},
{
"type": "WEB",
"url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/fis-gtm/files"
},
{
"type": "WEB",
"url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPHX-9M7P-VHWC
Vulnerability from github – Published: 2022-05-01 17:41 – Updated: 2022-05-01 17:41The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
{
"affected": [],
"aliases": [
"CVE-2007-0039"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-05-08T23:19:00Z",
"severity": "HIGH"
},
"details": "The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.",
"id": "GHSA-wphx-9m7p-vhwc",
"modified": "2022-05-01T17:41:23Z",
"published": "2022-05-01T17:41:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0039"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33888"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1593"
},
{
"type": "WEB",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25183"
},
{
"type": "WEB",
"url": "http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/34390"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/468047/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23808"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1018015"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1711"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WPMX-4JMR-JX6R
Vulnerability from github – Published: 2023-08-29 06:30 – Updated: 2023-11-15 06:30An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
{
"affected": [],
"aliases": [
"CVE-2023-41358"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-29T04:15:16Z",
"severity": "HIGH"
},
"details": "An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.",
"id": "GHSA-wpmx-4jmr-jx6r",
"modified": "2023-11-15T06:30:28Z",
"published": "2023-08-29T06:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41358"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/14260"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPR2-JMM7-J55J
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
{
"affected": [],
"aliases": [
"CVE-2016-5041"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-10T16:59:00Z",
"severity": "HIGH"
},
"details": "dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.",
"id": "GHSA-wpr2-jmm7-j55j",
"modified": "2022-05-13T01:03:25Z",
"published": "2022-05-13T01:03:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5041"
},
{
"type": "WEB",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WPR8-M35F-2W5C
Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.
Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2026-9752"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T23:17:04Z",
"severity": "HIGH"
},
"details": "An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.\n\nStrict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.",
"id": "GHSA-wpr8-m35f-2w5c",
"modified": "2026-06-10T00:31:50Z",
"published": "2026-06-10T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9752"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-123440"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WPRV-4WQ2-C8JP
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads
The pads missed checks for connected devices which may a null dereference when the stream is enabled.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 pc : rkcif_interface_enable_streams+0x48/0xf0 lr : rkcif_interface_enable_streams+0x44/0xf0 Call trace: rkcif_interface_enable_streams+0x48/0xf0 v4l2_subdev_enable_streams+0x26c/0x3f0 rkcif_stream_start_streaming+0x140/0x278 vb2_start_streaming+0x74/0x188 vb2_core_streamon+0xe0/0x1d8 vb2_ioctl_streamon+0x60/0xa8 v4l_streamon+0x2c/0x40 __video_do_ioctl+0x34c/0x400 video_usercopy+0x2d0/0x800 video_ioctl2+0x20/0x60 v4l2_ioctl+0x48/0x78
{
"affected": [],
"aliases": [
"CVE-2026-46222"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rkcif: Add missing MUST_CONNECT flag to pads\n\nThe pads missed checks for connected devices which may a null dereference\nwhen the stream is enabled.\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000020\npc : rkcif_interface_enable_streams+0x48/0xf0\nlr : rkcif_interface_enable_streams+0x44/0xf0\nCall trace:\n rkcif_interface_enable_streams+0x48/0xf0\n v4l2_subdev_enable_streams+0x26c/0x3f0\n rkcif_stream_start_streaming+0x140/0x278\n vb2_start_streaming+0x74/0x188\n vb2_core_streamon+0xe0/0x1d8\n vb2_ioctl_streamon+0x60/0xa8\n v4l_streamon+0x2c/0x40\n __video_do_ioctl+0x34c/0x400\n video_usercopy+0x2d0/0x800\n video_ioctl2+0x20/0x60\n v4l2_ioctl+0x48/0x78",
"id": "GHSA-wprv-4wq2-c8jp",
"modified": "2026-06-10T21:31:25Z",
"published": "2026-05-28T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46222"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ3X-CWMW-CM9J
Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-20 03:43The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
{
"affected": [],
"aliases": [
"CVE-2017-13710"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-27T16:29:00Z",
"severity": "HIGH"
},
"details": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.",
"id": "GHSA-wq3x-cwmw-cm9j",
"modified": "2025-04-20T03:43:51Z",
"published": "2022-05-17T01:22:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13710"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0c54f69295208331faab9bc5e995111a35672f9b"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100499"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ43-RQVV-V7RP
Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.
{
"affected": [],
"aliases": [
"CVE-2015-9149"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.",
"id": "GHSA-wq43-rqvv-v7rp",
"modified": "2022-05-14T03:25:49Z",
"published": "2022-05-14T03:25:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9149"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ92-R227-XXXP
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 03:30In the Linux kernel, the following vulnerability has been resolved:
staging: greybus: lights: avoid NULL deref
gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL.
Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2026-45978"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: greybus: lights: avoid NULL deref\n\ngb_lights_light_config() stores channel_count before allocating the\nchannels array. If kcalloc() fails, gb_lights_release() iterates the\nnon-zero count and dereferences light-\u003echannels, which is NULL.\n\nAllocate channels first and only then publish channels_count so the\ncleanup path can\u0027t walk a NULL pointer.",
"id": "GHSA-wq92-r227-xxxp",
"modified": "2026-06-16T03:30:33Z",
"published": "2026-05-27T15:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45978"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01b91cb3e748032fd96bbe0043812b426a52f091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/06162d85f830582da6e9e5fcf9c9504d6da9ae0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cbe694d235d96f628ec7dc6ae4d8bdddb768699"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65f2c608096d766540953d9b170d216aa3b5eb95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a118724d7641b832fa14323e2733e28ae4834552"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba5022162da63059bae36c4fd84d7031f582c71f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da46264a7016034a5bbbad034c012ef218b7d0af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efcffd9a6ad8d190651498d5eda53bfc7cf683a7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQCW-WH9G-67RG
Vulnerability from github – Published: 2025-03-03 03:31 – Updated: 2025-03-03 15:31In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.
{
"affected": [],
"aliases": [
"CVE-2025-20647"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T03:15:09Z",
"severity": "HIGH"
},
"details": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.",
"id": "GHSA-wqcw-wh9g-67rg",
"modified": "2025-03-03T15:31:25Z",
"published": "2025-03-03T03:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20647"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/March-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.