CWE-476 (NULL Pointer Dereference) — Vulnerability Class 1138

1138 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 represents a critical memory management weakness where software attempts to access memory through a pointer that holds a NULL value instead of a valid address. This error typically occurs when a function fails to allocate memory or validate input, yet the code proceeds to dereference the resulting null reference without checking its status. Attackers exploit this vulnerability by triggering the null condition, often causing the application to crash and resulting in a denial of service. In more complex scenarios, if the NULL pointer is manipulated to point to executable code, it may lead to arbitrary code execution or privilege escalation. To prevent this, developers must rigorously validate all pointers before use, ensuring they are not NULL. Implementing defensive programming practices, such as using assertions during development and comprehensive error handling in production, helps mitigate the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences (2)
Availability · DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality · Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /*routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
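A hardened counterpart to the C example above, added here for illustration and not part of the CWE entry: it checks the resolver's result for NULL before touching `h_name` and replaces `strcpy` with a bounded copy. The names `host_lookup_checked`, `resolver_fn`, the `LOOKUP_*` codes, `demo_out` and the two stub resolvers are hypothetical; the resolver is injected so the failure path can be run offline, and on POSIX systems `gethostbyaddr` has the same signature.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
/* Same shape as gethostbyaddr(); injected so the NULL path runs offline. */
typedef struct hostent *(*resolver_fn)(const void *, socklen_t, int);
enum { LOOKUP_OK = 0, LOOKUP_BAD_ARG = -1, LOOKUP_BAD_ADDR = -2,
       LOOKUP_NOT_FOUND = -3, LOOKUP_TRUNCATED = -4 };

int host_lookup_checked(const char *addr_text, char *out, size_t out_len,
                        resolver_fn resolve)
{
    struct in_addr addr;
    struct hostent *hp;
    int n;
    if (!addr_text || !out || out_len == 0 || !resolve)
        return LOOKUP_BAD_ARG;
    out[0] = '\0';
    /* inet_pton() returns 1 only for a well-formed IPv4 dotted quad. */
    if (inet_pton(AF_INET, addr_text, &addr) != 1)
        return LOOKUP_BAD_ADDR;
    hp = resolve(&addr, sizeof(addr), AF_INET);
    /* The check the original omits: a failed lookup yields NULL. */
    if (hp == NULL || hp->h_name == NULL)
        return LOOKUP_NOT_FOUND;
    /* Bounded copy instead of strcpy(); report truncation, never overflow. */
    n = snprintf(out, out_len, "%s", hp->h_name);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return LOOKUP_TRUNCATED;
    }
    return LOOKUP_OK;
}

/* Constructed stand-ins for the resolver (hypothetical, demo only). */
static char hit_name[] = "host.example.test";
static struct hostent hit_entry = { .h_name = hit_name };
struct hostent *resolver_hit(const void *a, socklen_t l, int t)
{ (void)a; (void)l; (void)t; return &hit_entry; }
struct hostent *resolver_miss(const void *a, socklen_t l, int t)
{ (void)a; (void)l; (void)t; return NULL; }
char demo_out[64]; /* caller-owned output buffer */
int main(void)
{
    int rc = host_lookup_checked("192.0.2.10", demo_out, sizeof demo_out, resolver_miss);
    printf("failed lookup handled, status %d\n", rc);
    return 0;
}
```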
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-8534 | libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference — libtiff | 2.5 | Low | 2025-08-04 |
| CVE-2025-41691 | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference — Control RTE (SL) | 7.5 | High | 2025-08-04 |
| CVE-2024-13978 | LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference — LibTIFF | 2.5 | Low | 2025-08-01 |
| CVE-2025-53011 | MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput — MaterialX | 5.5 | - | 2025-08-01 |
| CVE-2025-53010 | MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference — MaterialX | 5.5 | - | 2025-08-01 |
| CVE-2025-49832 | Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation — asterisk | 6.5 | Medium | 2025-08-01 |
| CVE-2025-6398 | ASUS AI Suite 3 security vulnerability — AI Suite | 6.5 | - | 2025-08-01 |
| CVE-2025-48073 | OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode — openexr | 7.5 (AI) | High (AI) | 2025-07-31 |
| CVE-2025-8224 | GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference — Binutils | 3.3 | Low | 2025-07-27 |
| CVE-2025-8175 | D-Link DI-8400 jhttpd usb_paswd.asp null pointer dereference — DI-8400 | 6.5 | Medium | 2025-07-26 |
| CVE-2025-8183 | NULL Pointer Dereference in µD3TN — µD3TN | 7.5 | High | 2025-07-25 |
| CVE-2025-8114 | Libssh: null pointer dereference in libssh kex session id calculation | 4.7 | Medium | 2025-07-24 |
| CVE-2025-36520 | Bloomberg Comdb2 code issue vulnerability — Comdb2 | 7.5 | High | 2025-07-22 |
| CVE-2025-48498 | Bloomberg Comdb2 code issue vulnerability — Comdb2 | 7.5 | High | 2025-07-22 |
| CVE-2025-35966 | Bloomberg Comdb2 code issue vulnerability — Comdb2 | 7.5 | High | 2025-07-22 |
| CVE-2025-7797 | GPAC dash_client.c gf_dash_download_init_segment null pointer dereference — GPAC | 5.3 | Medium | 2025-07-18 |
| CVE-2025-53817 | GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream — 7-Zip | 6.2 (AI) | Medium (AI) | 2025-07-17 |
| CVE-2025-6491 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix — PHP | 5.9 | Medium | 2025-07-13 |
| CVE-2025-7462 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference — GhostPDL | 4.3 | Medium | 2025-07-12 |
| CVE-2025-52984 | Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes — Junos OS | 5.9 | Medium | 2025-07-11 |
| CVE-2025-6395 | Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() | 6.5 | Medium | 2025-07-10 |
| CVE-2025-7209 | 9fans plan9port x509.c value_decode null pointer dereference — plan9port | 3.3 | Low | 2025-07-09 |
| CVE-2025-47119 | Adobe Framemaker \| NULL Pointer Dereference (CWE-476) — Adobe Framemaker | 5.5 | Medium | 2025-07-08 |
| CVE-2025-49524 | Illustrator \| NULL Pointer Dereference (CWE-476) — Illustrator | 5.5 | Medium | 2025-07-08 |
| CVE-2025-43583 | Substance3D - Viewer \| NULL Pointer Dereference (CWE-476) — Substance3D - Viewer | 5.5 | Medium | 2025-07-08 |
| CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.0 | High | 2025-07-08 |
| CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability — Windows 11 Version 24H2 | 7.8 | High | 2025-07-08 |
| CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-07-08 |
| CVE-2025-47109 | After Effects \| NULL Pointer Dereference (CWE-476) — After Effects | 5.5 | Medium | 2025-07-08 |
| CVE-2025-21433 | NULL Pointer Dereference in SPS-HLOS — Snapdragon | 6.2 | Medium | 2025-07-08 |

1138 CVEs are classified as CWE-476 (NULL Pointer Dereference). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.