CWE-476 (NULL Pointer Dereference) — Vulnerability Class (1138)

1138 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 represents a critical memory management weakness where software attempts to access memory through a pointer that holds a NULL value instead of a valid address. This error typically occurs when a function fails to allocate memory or validate input, yet the code proceeds to dereference the resulting null reference without checking its status. Attackers exploit this vulnerability by triggering the null condition, often causing the application to crash and resulting in a denial of service. In rarer scenarios, where NULL corresponds to the 0x0 memory address and privileged code can access it, reading or writing that memory may lead to arbitrary code execution or privilege escalation. To prevent this, developers must validate every pointer before use and ensure it is not NULL. Defensive programming practices, such as assertions during development and comprehensive error handling in production, help mitigate the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences (2)
Availability · DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality · Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    #include <arpa/inet.h>
    #include <netdb.h>
    #include <string.h>

    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        /* gethostbyaddr() returns NULL when the lookup fails */
        hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
        /* BAD: hp is dereferenced without a NULL check */
        strcpy(hostname, hp->h_name);
    }
Bad · C
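A checked counterpart of the lookup above, added here as an illustration; it is not part of the MITRE entry or of this page's original code. The names host_lookup_checked, resolver_fn, lookup_status and the stub resolver are hypothetical, inet_pton() stands in for validate_addr_form() plus inet_addr(), and the resolver is passed in as a parameter (gethostbyaddr in real use) so the failed-lookup path can be exercised offline with constructed data.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Same signature as gethostbyaddr(), so a stub can stand in for it. */
typedef struct hostent *(*resolver_fn)(const void *, socklen_t, int);

enum lookup_status { LOOKUP_OK, LOOKUP_BAD_ARG, LOOKUP_BAD_ADDR,
                     LOOKUP_NOT_FOUND, LOOKUP_TOO_LONG };
/* Hypothetical hardened form of host_lookup(): every pointer that can be
 * NULL is checked before it is dereferenced, and the copy is bounded. */
enum lookup_status host_lookup_checked(const char *addr_text, char *out,
                                       size_t out_len, resolver_fn resolve)
{
    struct in_addr addr;
    struct hostent *hp;
    if (addr_text == NULL || out == NULL || out_len == 0 || resolve == NULL)
        return LOOKUP_BAD_ARG;
    out[0] = '\0';
    if (inet_pton(AF_INET, addr_text, &addr) != 1)  /* malformed address */
        return LOOKUP_BAD_ADDR;
    hp = resolve(&addr, sizeof addr, AF_INET);
    if (hp == NULL || hp->h_name == NULL)   /* lookup failed: do not dereference */
        return LOOKUP_NOT_FOUND;
    if (strlen(hp->h_name) >= out_len)      /* name would not fit the buffer */
        return LOOKUP_TOO_LONG;
    memcpy(out, hp->h_name, strlen(hp->h_name) + 1);
    return LOOKUP_OK;
}

/* Constructed stub resolver: a NULL stub_name simulates a failed lookup. */
static const char *stub_name;
static struct hostent *stub_resolver(const void *a, socklen_t l, int t)
{
    static struct hostent h;
    (void)a; (void)l; (void)t;
    if (stub_name == NULL) return NULL;
    h.h_name = (char *)stub_name;
    return &h;
}

int main(void)
{
    char name[64];
    int rc = host_lookup_checked("192.0.2.10", name, sizeof name, stub_resolver);
    printf("failed lookup -> status %d\n", rc);
    return 0;
}
```

The caller gets a distinct status for each failure, so an address that is well formed but does not resolve produces an error return instead of a crash.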
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-8252 | Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference — Open5GS | 4.3 | Medium | 2026-05-10 |
| CVE-2026-7259 | Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() — PHP | 7.5 (AI) | High (AI) | 2026-05-10 |
| CVE-2026-7262 | NULL pointer dereference in SOAP apache:Map decoder with missing <value> — PHP | 7.5 (AI) | High (AI) | 2026-05-10 |
| CVE-2026-42183 | Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) — argo-workflows | 6.5 (AI) | Medium (AI) | 2026-05-09 |
| CVE-2026-6666 | PgBouncer crash in kill_pool_logins_server_error — PgBouncer | 5.9 | Medium | 2026-05-09 |
| CVE-2026-41684 | Incus: Nil Dereferences on Restore via Malformed YAML — incus | 6.5 | Medium | 2026-05-07 |
| CVE-2026-41647 | Incus: Nil-Pointer Dereference via S3 Bucket Import — incus | 6.5 | Medium | 2026-05-07 |
| CVE-2026-42285 | GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) — gobgp | 7.5 | High | 2026-05-07 |
| CVE-2026-41642 | GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute — gobgp | 7.5 | High | 2026-05-07 |
| CVE-2026-8063 | Post-auth null pointer dereference when aggregating against a view with empty search pipeline — MongoDB Server | 6.5 | Medium | 2026-05-07 |
| CVE-2026-44602 | Tor code issue vulnerability — Tor | 3.7 | Low | 2026-05-07 |
| CVE-2026-40197 | Incus nil-pointer dereference in custom volume import allows denial of service — incus | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-40195 | Incus nil-pointer dereference in storage bucket import allows denial of service — incus | 6.5 (AI) | Medium (AI) | 2026-05-06 |
| CVE-2026-29169 | Apache HTTP Server: mod_dav_lock indirect lock crash — Apache HTTP Server | 7.5 | - | 2026-05-04 |
| CVE-2026-33007 | Apache HTTP Server: mod_authn_socache crash — Apache HTTP Server | 7.5 | - | 2026-05-04 |
| CVE-2026-43864 | mutt code issue vulnerability — mutt | 2.5 | Low | 2026-05-04 |
| CVE-2026-7701 | Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference — Desktop | 4.3 | Medium | 2026-05-03 |
| CVE-2026-6525 | NULL Pointer Dereference in Wireshark — Wireshark | 5.5 | Medium | 2026-05-02 |
| CVE-2026-42800 | Deference after null check in ims_client sip — Lapwing_Linux | 7.4 | High | 2026-04-30 |
| CVE-2026-6526 | NULL Pointer Dereference in Wireshark — Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-7376 | NULL Pointer Dereference in Wireshark — Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-40355 | MIT Kerberos code issue vulnerability — Kerberos 5 | 5.9 | Medium | 2026-04-28 |
| CVE-2026-6845 | Binutils: binutils: denial of service via crafted elf file — Red Hat Enterprise Linux 10 | 5.0 | Medium | 2026-04-22 |
| CVE-2026-28224 | Firebird Null Pointer Dereference via CryptCallback causes DOS — firebird | 8.2 | High | 2026-04-17 |
| CVE-2026-28212 | Firebird has potential server crash via null pointer dereference when processing op_slice packet — firebird | 7.5 | High | 2026-04-17 |
| CVE-2026-32216 | Windows Redirected Drive Buffering System Denial of Service Vulnerability — Windows 11 version 26H1 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability — Windows 10 Version 1607 | 7.5 | High | 2026-04-14 |
| CVE-2026-32894 | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result — chamilo-lms | 7.1 | High | 2026-04-10 |
| CVE-2026-1584 | Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder — Red Hat Hardened Images | 7.5 | High | 2026-04-09 |
| CVE-2026-28390 | Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo — OpenSSL | 7.5 (AI) | High (AI) | 2026-04-07 |

Vulnerabilities classified as CWE-476 (NULL Pointer Dereference) represent 1138 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.