Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-XHVX-9W5H-Q8Q6

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31
VLAI
Details

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T18:15:40Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.",
  "id": "GHSA-xhvx-9w5h-q8q6",
  "modified": "2025-08-12T18:31:32Z",
  "published": "2025-08-12T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53716"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53716"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHWR-F5XV-7GQC

Vulnerability from github – Published: 2023-03-17 09:30 – Updated: 2023-03-23 18:30
VLAI
Details

A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects some unknown processing in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-17T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects some unknown processing in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.",
  "id": "GHSA-xhwr-f5xv-7gqc",
  "modified": "2023-03-23T18:30:20Z",
  "published": "2023-03-17T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1444"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1KrkezTwgmt5CnhzlyyWVNLIAeiMvuDEr/view"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1444"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned11"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.223289"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.223289"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHXP-853R-966X

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-12-02 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwl4965: Add missing check for create_singlethread_workqueue()

Add the check for the return value of the create_singlethread_workqueue() in order to avoid NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T08:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwl4965: Add missing check for create_singlethread_workqueue()\n\nAdd the check for the return value of the create_singlethread_workqueue()\nin order to avoid NULL pointer dereference.",
  "id": "GHSA-xhxp-853r-966x",
  "modified": "2025-12-02T21:31:27Z",
  "published": "2025-09-16T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53302"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26e6775f75517ad6844fe5b79bc5f3fa8c22ee61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f85c768bea2057e3299d19514da9e932c4f92d2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3185d6cfc59277a77bf311dce701b7e25193f66a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/874a85051cc8df8c5b928d8ff172b342cdc5424b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/878a7c8357764e08bc778bcb26127fc12a4b36b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c002d2741400771171b68dde9af937a4dfa0d1b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f15ef0ebcf56be1d4a3c9a7a80a1f1f82ab0eaad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ47-998Q-QJGW

Vulnerability from github – Published: 2023-04-11 12:30 – Updated: 2023-04-14 18:30
VLAI
Details

In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.",
  "id": "GHSA-xj47-998q-qjgw",
  "modified": "2023-04-14T18:30:19Z",
  "published": "2023-04-11T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47465"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ5J-G4WP-WCF5

Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-21 00:00
VLAI
Details

Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-20T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-xj5j-g4wp-wcf5",
  "modified": "2021-12-21T00:00:25Z",
  "published": "2021-12-21T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43748"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XJ6G-C6GV-VMJP

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2024-08-26 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid

Fix netfs_page_mkwrite() to check that folio->mapping is valid once it has taken the folio lock (as filemap_page_mkwrite() does). Without this, generic/247 occasionally oopses with something like the following:

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page

RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0
...
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x60
 ? page_fault_oops+0x6e/0xa0
 ? exc_page_fault+0xc2/0xe0
 ? asm_exc_page_fault+0x22/0x30
 ? trace_event_raw_event_netfs_folio+0x61/0xc0
 trace_netfs_folio+0x39/0x40
 netfs_page_mkwrite+0x14c/0x1d0
 do_page_mkwrite+0x50/0x90
 do_pte_missing+0x184/0x200
 __handle_mm_fault+0x42d/0x500
 handle_mm_fault+0x121/0x1f0
 do_user_addr_fault+0x23e/0x3c0
 exc_page_fault+0xc2/0xe0
 asm_exc_page_fault+0x22/0x30

This is due to the invalidate_inode_pages2_range() issued at the end of the DIO write interfering with the mmap'd writes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:03Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix netfs_page_mkwrite() to check folio-\u003emapping is valid\n\nFix netfs_page_mkwrite() to check that folio-\u003emapping is valid once it has\ntaken the folio lock (as filemap_page_mkwrite() does).  Without this,\ngeneric/247 occasionally oopses with something like the following:\n\n    BUG: kernel NULL pointer dereference, address: 0000000000000000\n    #PF: supervisor read access in kernel mode\n    #PF: error_code(0x0000) - not-present page\n\n    RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0\n    ...\n    Call Trace:\n     \u003cTASK\u003e\n     ? __die_body+0x1a/0x60\n     ? page_fault_oops+0x6e/0xa0\n     ? exc_page_fault+0xc2/0xe0\n     ? asm_exc_page_fault+0x22/0x30\n     ? trace_event_raw_event_netfs_folio+0x61/0xc0\n     trace_netfs_folio+0x39/0x40\n     netfs_page_mkwrite+0x14c/0x1d0\n     do_page_mkwrite+0x50/0x90\n     do_pte_missing+0x184/0x200\n     __handle_mm_fault+0x42d/0x500\n     handle_mm_fault+0x121/0x1f0\n     do_user_addr_fault+0x23e/0x3c0\n     exc_page_fault+0xc2/0xe0\n     asm_exc_page_fault+0x22/0x30\n\nThis is due to the invalidate_inode_pages2_range() issued at the end of the\nDIO write interfering with the mmap\u0027d writes.",
  "id": "GHSA-xj6g-c6gv-vmjp",
  "modified": "2024-08-26T15:31:14Z",
  "published": "2024-07-29T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41083"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ6J-6M68-MR7H

Vulnerability from github – Published: 2023-03-15 15:30 – Updated: 2023-03-20 21:30
VLAI
Details

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.",
  "id": "GHSA-xj6j-6m68-mr7h",
  "modified": "2023-03-20T21:30:17Z",
  "published": "2023-03-15T15:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libde265/issues/393"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00032.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ78-H3GX-CM6V

Vulnerability from github – Published: 2022-08-25 00:00 – Updated: 2022-08-29 20:06
VLAI
Details

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-24T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
  "id": "GHSA-xj78-h3gx-cm6v",
  "modified": "2022-08-29T20:06:54Z",
  "published": "2022-08-25T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4209"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-4209"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220915-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ99-FRCV-MW43

Vulnerability from github – Published: 2025-07-07 03:30 – Updated: 2025-07-07 03:30
VLAI
Details

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-07T03:15:29Z",
    "severity": "MODERATE"
  },
  "details": "Null pointer dereference vulnerability in the PDF preview module\nImpact: Successful exploitation of this vulnerability may affect function stability.",
  "id": "GHSA-xj99-frcv-mw43",
  "modified": "2025-07-07T03:30:23Z",
  "published": "2025-07-07T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53181"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJFV-R963-5467

Vulnerability from github – Published: 2025-09-04 12:30 – Updated: 2025-09-04 15:30
VLAI
Details

In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T10:42:29Z",
    "severity": "HIGH"
  },
  "details": "In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-xjfv-r963-5467",
  "modified": "2025-09-04T15:30:28Z",
  "published": "2025-09-04T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36894"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2025-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.