
CWE-476 (NULL Pointer Dereference) — Vulnerability Class 1138

1138 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 represents a critical memory management weakness where software attempts to access memory through a pointer that holds a NULL value instead of a valid address. This error typically occurs when a function fails to allocate memory or validate input, yet the code proceeds to dereference the resulting null reference without checking its status. Attackers exploit this vulnerability by triggering the null condition, often causing the application to crash and resulting in a denial of service. In rare cases, where NULL corresponds to the 0x0 memory address and privileged code can access that address, the flaw may lead to arbitrary code execution or privilege escalation. To prevent this, developers must rigorously validate all pointers before use, ensuring they are not NULL. Implementing defensive programming practices, such as using assertions during development and comprehensive error handling in production, helps mitigate the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences (2)
Availability · DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality · Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /*routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
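The C example above reads hp->h_name without checking hp, and gethostbyaddr() returns NULL when the reverse lookup fails. The following added example (not MITRE's code and not part of the original page) applies the "check the result before use" mitigations to the same lookup. The names host_lookup_checked, resolver_fn, the LOOKUP_* codes and the stub resolvers are hypothetical, and inet_pton() is used here in place of inet_addr().

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum { LOOKUP_OK = 0, LOOKUP_BAD_ARG = -1, LOOKUP_BAD_ADDR = -2,
       LOOKUP_NOT_FOUND = -3, LOOKUP_TOO_LONG = -4 };
/* Hypothetical seam: same signature as gethostbyaddr(), so a stub can stand in. */
typedef struct hostent *(*resolver_fn)(const void *addr, socklen_t len, int type);

int host_lookup_checked(const char *user_supplied_addr, char *out,
                        size_t out_len, resolver_fn resolve)
{
    struct in_addr addr;
    if (user_supplied_addr == NULL || out == NULL || out_len == 0)
        return LOOKUP_BAD_ARG;
    out[0] = '\0';                    /* caller never reads stale data */
    if (inet_pton(AF_INET, user_supplied_addr, &addr) != 1)
        return LOOKUP_BAD_ADDR;       /* malformed input stops here */
    if (resolve == NULL)
        resolve = gethostbyaddr;      /* real resolver when no stub is passed */
    struct hostent *hp = resolve(&addr, sizeof addr, AF_INET);
    if (hp == NULL || hp->h_name == NULL)
        return LOOKUP_NOT_FOUND;      /* the check the original example omits */
    size_t n = strlen(hp->h_name);
    if (n >= out_len)
        return LOOKUP_TOO_LONG;       /* refuse rather than copy unbounded */
    memcpy(out, hp->h_name, n + 1);
    return LOOKUP_OK;
}

/* Constructed stubs standing in for a failed and a successful reverse lookup. */
static struct hostent *resolve_none(const void *a, socklen_t l, int t)
{ (void)a; (void)l; (void)t; return NULL; }
static struct hostent *resolve_fixed(const void *a, socklen_t l, int t)
{
    static char name[] = "gateway.example.test";
    static struct hostent he = { .h_name = name };
    (void)a; (void)l; (void)t;
    return &he;
}

int main(void)
{
    char buf[64];
    int miss = host_lookup_checked("192.0.2.10", buf, sizeof buf, resolve_none);
    int hit = host_lookup_checked("192.0.2.10", buf, sizeof buf, resolve_fixed);
    return printf("miss=%d hit=%d name=%s\n", miss, hit, buf) < 0;
}
```

Passing NULL as the resolver uses the system's gethostbyaddr(); the failed-lookup path then returns LOOKUP_NOT_FOUND instead of crashing the process.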
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-41836 | InDesign Desktop \| NULL Pointer Dereference (CWE-476) — InDesign Desktop | 5.5 | Medium | 2024-07-23 |
| CVE-2024-41130 | llama.cpp null pointer dereference in gguf_init_from_file — llama.cpp | 5.4 | Medium | 2024-07-22 |
| CVE-2024-38536 | Suricata http/range: NULL-ptr deref when http.memcap is reached — suricata | 7.5 | High | 2024-07-11 |
| CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability — Windows Server 2019 | 7.5 | High | 2024-07-09 |
| CVE-2024-37996 | Siemens JT Open Toolkit code issue vulnerability — JT Open | 3.3 | Low | 2024-07-09 |
| CVE-2024-3332 | bt: host/smp: DoS caused by null pointer dereference — Zephyr | 6.5 | Medium | 2024-07-03 |
| CVE-2024-38477 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request — Apache HTTP Server | 7.5 | - | 2024-07-01 |
| CVE-2024-36387 | Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 — Apache HTTP Server | 7.5 (AI) | High (AI) | 2024-07-01 |
| CVE-2024-36982 | Denial of Service through null pointer reference in “cluster/config” REST endpoint — Splunk Enterprise | 7.5 | High | 2024-07-01 |
| CVE-2024-6063 | GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference — GPAC | 3.3 | Low | 2024-06-17 |
| CVE-2024-6062 | GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference — GPAC | 3.3 | Low | 2024-06-17 |
| CVE-2024-37890 | Denial of service when handling a request with many HTTP headers in ws — ws | 7.5 | High | 2024-06-17 |
| CVE-2024-0086 | CVE — vGPU software and Cloud Gaming | 5.5 | Medium | 2024-06-13 |
| CVE-2024-30285 | Adobe Audition 2024 MP4 File Parsing Null Pointer Dereference — Audition | 5.5 | Medium | 2024-06-13 |
| CVE-2024-35200 | NGINX HTTP/3 QUIC vulnerability — NGINX Open Source | 5.3 | Medium | 2024-05-29 |
| CVE-2024-30295 | When Animate parses FLA files, there is a UAF vulnerability caused by referencing uninitialized memory at Animate.exe+0x1149dcf — Animate | 7.8 | High | 2024-05-16 |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability — Windows Server 2008 Service Pack 2 | 7.8 | High | 2024-05-14 |
| CVE-2024-1914 | OmniCore robot code issue vulnerability — RobotWare 6 | 6.5 | Medium | 2024-05-14 |
| CVE-2024-32637 | Siemens multiple products code issue vulnerability — JT2Go | 3.3 | Low | 2024-05-14 |
| CVE-2024-25560 | TMM Vulnerability — BIG-IP | 7.5 | High | 2024-05-08 |
| CVE-2024-31078 | Bluetooth Service has a use after free vulnerability — OpenHarmony | 3.3 | Low | 2024-05-07 |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response — glibc | 7.5 | - | 2024-05-06 |
| CVE-2023-32171 | Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability — UaGateway | 6.5 | - | 2024-05-03 |
| CVE-2023-27336 | Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability — edgeConnector Siemens | 7.5 | - | 2024-05-03 |
| CVE-2024-32661 | FreeRDP rdp_write_logon_info_v1 NULL access — FreeRDP | 7.5 | High | 2024-04-23 |
| CVE-2024-1241 | Watchdog Antivirus v1.6.415 - Denial of Service — Watchdog Antivirus | 5.5 | Medium | 2024-04-23 |
| CVE-2023-49275 | Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd — wazuh | 6.5 | Medium | 2024-04-19 |
| CVE-2024-24856 | NULL pointer deference in acpi_db_convert_to_package of Linux acpi module — Anolis OS | 5.3 | Medium | 2024-04-17 |
| CVE-2022-24810 | net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. — net-snmp | 6.5 | Medium | 2024-04-16 |
| CVE-2022-24809 | net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference — net-snmp | 6.5 | Medium | 2024-04-16 |

Vulnerabilities classified as CWE-476 (NULL Pointer Dereference) represent 1138 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.