Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6298 vulnerabilities reference this CWE, most recent first.

GHSA-5W4X-M7WQ-HCG9

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45
VLAI
Details

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-23T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).",
  "id": "GHSA-5w4x-m7wq-hcg9",
  "modified": "2024-04-04T00:45:23Z",
  "published": "2022-05-24T16:46:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7550"
    },
    {
      "type": "WEB",
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W55-Q3RH-9CGC

Vulnerability from github – Published: 2024-09-13 06:30 – Updated: 2026-03-25 12:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: Move unregister out of atomic section

Commit '9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping")' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback, which in turn is invoked from IRQ context.

This means that ucsi_unregister() is now called from atomic context, which isn't feasible as it's expecting a sleepable context. An effort is under way to get GLINK to invoke its callbacks in a sleepable context, but until then lets schedule the unregistration.

A side effect of this is that ucsi_unregister() can now happen after the remote processor, and thereby the communication link with it, is gone. pmic_glink_send() is amended with a check to avoid the resulting NULL pointer dereference. This does however result in the user being informed about this error by the following entry in the kernel log:

ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-13T06:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \u00279329933699b3 (\"soc: qcom: pmic_glink: Make client-lock\nnon-sleeping\")\u0027 moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\u0027t feasible as it\u0027s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5",
  "id": "GHSA-5w55-q3rh-9cgc",
  "modified": "2026-03-25T12:30:17Z",
  "published": "2024-09-13T06:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46691"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e3769aa0946c2b6e509c06d7a0aa9b955eaef9e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W68-R965-R3M3

Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-05 15:30
VLAI
Details

NASM v2.16 was discovered to contain a null pointer deference in the NASM component

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NASM v2.16 was discovered to contain a null pointer deference in the NASM component",
  "id": "GHSA-5w68-r965-r3m3",
  "modified": "2023-04-05T15:30:24Z",
  "published": "2023-03-29T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44368"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392820"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W8H-HPXM-MP5F

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19
VLAI
Details

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-2914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-17T01:31:00Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-5w8h-hpxm-mp5f",
  "modified": "2022-05-14T02:19:19Z",
  "published": "2022-05-14T02:19:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2914"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2018-31"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105651"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W96-CQCP-75R4

Vulnerability from github – Published: 2024-05-03 18:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).

Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault.

[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010

This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[   71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.",
  "id": "GHSA-5w96-cqcp-75r4",
  "modified": "2026-06-01T18:31:18Z",
  "published": "2024-05-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48703"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/722588f17fd3d3a127e50718ec2caf22bd7e9daa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W9W-6M87-G4PF

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T17:16:42Z",
    "severity": "MODERATE"
  },
  "details": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.",
  "id": "GHSA-5w9w-6m87-g4pf",
  "modified": "2026-06-17T18:35:57Z",
  "published": "2026-06-17T18:35:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1288"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/products/autodesk-access/overview"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5WGV-V8W4-HVPR

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs

There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where

msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);

is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet.

Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT).

Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so.

Patchwork: https://patchwork.freedesktop.org/patch/602742/

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
  "id": "GHSA-5wgv-v8w4-hvpr",
  "modified": "2024-10-25T15:31:26Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49901"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5WMQ-RGWC-2FGC

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11
VLAI
Details

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-26T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird \u003c 60.5.",
  "id": "GHSA-5wmq-rgwc-2fgc",
  "modified": "2024-04-04T00:11:08Z",
  "published": "2022-05-24T16:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18513"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533300"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5WQC-3HGV-X49W

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-14T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "NULL Pointer Dereference in the \"isomedia/track.c\" module\u0027s \"MergeTrack()\" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.",
  "id": "GHSA-5wqc-3hgv-x49w",
  "modified": "2022-05-24T17:47:37Z",
  "published": "2022-05-24T17:47:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28300"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1702"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5WVV-JG2M-5J9P

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-19T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
  "id": "GHSA-5wvv-jg2m-5j9p",
  "modified": "2022-05-24T17:47:51Z",
  "published": "2022-05-24T17:47:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31258"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1706"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.