CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6298 vulnerabilities reference this CWE, most recent first.
GHSA-5W4X-M7WQ-HCG9
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
{
"affected": [],
"aliases": [
"CVE-2016-7550"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-23T19:29:00Z",
"severity": "HIGH"
},
"details": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).",
"id": "GHSA-5w4x-m7wq-hcg9",
"modified": "2024-04-04T00:45:23Z",
"published": "2022-05-24T16:46:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7550"
},
{
"type": "WEB",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W55-Q3RH-9CGC
Vulnerability from github – Published: 2024-09-13 06:30 – Updated: 2026-03-25 12:30In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Move unregister out of atomic section
Commit '9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping")' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback, which in turn is invoked from IRQ context.
This means that ucsi_unregister() is now called from atomic context, which isn't feasible as it's expecting a sleepable context. An effort is under way to get GLINK to invoke its callbacks in a sleepable context, but until then lets schedule the unregistration.
A side effect of this is that ucsi_unregister() can now happen after the remote processor, and thereby the communication link with it, is gone. pmic_glink_send() is amended with a check to avoid the resulting NULL pointer dereference. This does however result in the user being informed about this error by the following entry in the kernel log:
ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5
{
"affected": [],
"aliases": [
"CVE-2024-46691"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-13T06:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit \u00279329933699b3 (\"soc: qcom: pmic_glink: Make client-lock\nnon-sleeping\")\u0027 moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn\u0027t feasible as it\u0027s expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5",
"id": "GHSA-5w55-q3rh-9cgc",
"modified": "2026-03-25T12:30:17Z",
"published": "2024-09-13T06:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46691"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e3769aa0946c2b6e509c06d7a0aa9b955eaef9e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W68-R965-R3M3
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-05 15:30NASM v2.16 was discovered to contain a null pointer deference in the NASM component
{
"affected": [],
"aliases": [
"CVE-2022-44368"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T20:15:00Z",
"severity": "MODERATE"
},
"details": "NASM v2.16 was discovered to contain a null pointer deference in the NASM component",
"id": "GHSA-5w68-r965-r3m3",
"modified": "2023-04-05T15:30:24Z",
"published": "2023-03-29T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44368"
},
{
"type": "WEB",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392820"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W8H-HPXM-MP5F
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
{
"affected": [],
"aliases": [
"CVE-2018-2914"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-17T01:31:00Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-5w8h-hpxm-mp5f",
"modified": "2022-05-14T02:19:19Z",
"published": "2022-05-14T02:19:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2914"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2018-31"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105651"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W96-CQCP-75R4
Vulnerability from github – Published: 2024-05-03 18:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).
Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault.
[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010
This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.
{
"affected": [],
"aliases": [
"CVE-2022-48703"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T16:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.",
"id": "GHSA-5w96-cqcp-75r4",
"modified": "2026-06-01T18:31:18Z",
"published": "2024-05-03T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48703"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/722588f17fd3d3a127e50718ec2caf22bd7e9daa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W9W-6M87-G4PF
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2026-1288"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T17:16:42Z",
"severity": "MODERATE"
},
"details": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.",
"id": "GHSA-5w9w-6m87-g4pf",
"modified": "2026-06-17T18:35:57Z",
"published": "2026-06-17T18:35:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1288"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WGV-V8W4-HVPR
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where
msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);
is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet.
Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT).
Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so.
Patchwork: https://patchwork.freedesktop.org/patch/602742/
{
"affected": [],
"aliases": [
"CVE-2024-49901"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there\u0027s more than just the aforementioned path that\ncauses this to happen (e.g. the case when there\u0027s speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
"id": "GHSA-5wgv-v8w4-hvpr",
"modified": "2024-10-25T15:31:26Z",
"published": "2024-10-21T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49901"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WMQ-RGWC-2FGC
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5.
{
"affected": [],
"aliases": [
"CVE-2018-18513"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-26T17:29:00Z",
"severity": "HIGH"
},
"details": "A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird \u003c 60.5.",
"id": "GHSA-5wmq-rgwc-2fgc",
"modified": "2024-04-04T00:11:08Z",
"published": "2022-05-24T16:44:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18513"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533300"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WQC-3HGV-X49W
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
{
"affected": [],
"aliases": [
"CVE-2021-28300"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T14:15:00Z",
"severity": "CRITICAL"
},
"details": "NULL Pointer Dereference in the \"isomedia/track.c\" module\u0027s \"MergeTrack()\" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.",
"id": "GHSA-5wqc-3hgv-x49w",
"modified": "2022-05-24T17:47:37Z",
"published": "2022-05-24T17:47:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28300"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1702"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5WVV-JG2M-5J9P
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
{
"affected": [],
"aliases": [
"CVE-2021-31258"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
"id": "GHSA-5wvv-jg2m-5j9p",
"modified": "2022-05-24T17:47:51Z",
"published": "2022-05-24T17:47:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31258"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1706"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.