CWE-476 (NULL Pointer Dereference) — Vulnerability Class 1138

1138 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 represents a critical memory management weakness where software attempts to access memory through a pointer that holds a NULL value instead of a valid address. This error typically occurs when a function fails to allocate memory or validate input, yet the code proceeds to dereference the resulting null reference without checking its status. Attackers exploit this vulnerability by triggering the null condition, often causing the application to crash and resulting in a denial of service. In more complex scenarios, if the NULL pointer is manipulated to point to executable code, it may lead to arbitrary code execution or privilege escalation. To prevent this, developers must rigorously validate all pointers before use, ensuring they are not NULL. Implementing defensive programming practices, such as using assertions during development and comprehensive error handling in production, helps mitigate the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences (2)
Availability: DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality: Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
Bad · C

    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        /* gethostbyaddr() returns NULL when the lookup fails; hp is dereferenced unchecked */
        strcpy(hostname, hp->h_name);
    }
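A hardened counterpart to the C example above, added here as an illustration and not taken from MITRE or from this page: every result is checked before it is used. The three-argument signature and the use of inet_pton() in place of validate_addr_form() and inet_addr() are assumptions of this example, and the sample addresses in main() are constructed.

```c
/* Added example: host_lookup() with every returned pointer checked before use. */
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Returns 0 and fills `out` on success, -1 on any failure.
 * The caller-supplied buffer is an assumption of this example; the original
 * function copied into a local 64-byte array. */
int host_lookup(const char *user_supplied_addr, char *out, size_t out_len)
{
    struct in_addr addr;
    struct hostent *hp;
    size_t n;

    if (user_supplied_addr == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';

    /* inet_pton() reports malformed input through its return value. */
    if (inet_pton(AF_INET, user_supplied_addr, &addr) != 1)
        return -1;

    /* gethostbyaddr() returns NULL when the address does not resolve. */
    hp = gethostbyaddr(&addr, sizeof addr, AF_INET);
    if (hp == NULL || hp->h_name == NULL)
        return -1;

    /* Bounded copy: reject names that do not fit instead of overflowing. */
    n = strlen(hp->h_name);
    if (n >= out_len)
        return -1;
    memcpy(out, hp->h_name, n + 1);
    return 0;
}

int main(void)
{
    char name[64];
    /* Constructed sample inputs: loopback, a documentation-range address, junk. */
    const char *samples[] = { "127.0.0.1", "192.0.2.1", "not-an-address" };
    for (size_t i = 0; i < 3; i++) {
        int rc = host_lookup(samples[i], name, sizeof name);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? name : "(lookup failed)");
    }
    return 0;
}
```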
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
Bad · Java

    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
CVE ID | Title | CVSS | Severity | Published
CVE-2022-24808 | net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference — net-snmp | 6.5 | Medium | 2024-04-16
CVE-2023-51391 | Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability | 7.5 | High | 2024-04-16
CVE-2024-30403 | Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes — Junos OS Evolved | 6.5 | Medium | 2024-04-12
CVE-2024-20794 | Adobe Animate 2024 WAV File Parsing Null Pointer Dereference — Animate | 5.5 | Medium | 2024-04-11
CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability — Windows 10 Version 1809 | 7.5 | High | 2024-04-09
CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability — Windows 10 Version 1809 | 6.5 | Medium | 2024-04-09
CVE-2024-26277 | Siemens Parasolid code issue vulnerability — JT2Go | 3.3 | Low | 2024-04-09
CVE-2024-0072 | NVIDIA CUDA toolkit security vulnerability — NVIDIA CUDA Toolkit | 3.3 | Low | 2024-04-05
CVE-2024-31420 | Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes | 6.5 | Medium | 2024-04-03
CVE-2024-0079 | CVE — vGPU driver, Cloud Gaming driver | 6.5 | Medium | 2024-03-27
CVE-2024-0075 | CVE — GPU Display driver, vGPU driver, Cloud Gaming driver | 6.1 | Medium | 2024-03-27
CVE-2024-0078 | CVE — GPU Display driver, vGPU driver, Cloud Gaming driver | 6.5 | Medium | 2024-03-27
CVE-2024-20312 | Cisco IOS and IOS XE Software security vulnerability — IOS | 7.4 | High | 2024-03-27
CVE-2024-2496 | Libvirt: null pointer dereference in udevconnectlistallinterfaces() | 5.0 | Medium | 2024-03-18
CVE-2024-2204 | Zemana AntiLogger v2.74.204.664 - Denial of Service (DoS) — AntiLogger | 5.5 | Medium | 2024-03-15
CVE-2024-20266 | Cisco IOS XR Software security vulnerability — Cisco IOS XR Software | 5.3 | Medium | 2024-03-13
CVE-2024-1443 | MSI Afterburner v4.6.5.16370 - Denial of Service — MSI Afterburner | 4.4 | Medium | 2024-03-07
CVE-2023-43541 | NULL Pointer Dereference in Windows Graphics — Snapdragon | 8.4 | High | 2024-03-04
CVE-2023-51394 | Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash — Ember ZNet SDK | 5.3 | Medium | 2024-02-23
CVE-2023-29180 | Fortinet FortiOS security vulnerability — FortiOS | 7.3 | High | 2024-02-22
CVE-2023-29179 | Fortinet FortiOS code issue vulnerability — FortiProxy | 6.4 | Medium | 2024-02-22
CVE-2024-26130 | cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override — cryptography | 7.5 | High | 2024-02-21
CVE-2023-6247 | OpenVPN security vulnerability — OpenVPN 3 Core Library | 7.5 | - | 2024-02-20
CVE-2023-6397 | Zyxel ATP code issue vulnerability — ATP series firmware | 6.5 | Medium | 2024-02-20
CVE-2023-52371 | Huawei EMUI security vulnerability — HarmonyOS | 7.5 (AI) | High (AI) | 2024-02-18
CVE-2024-21763 | BIG-IP AFM vulnerability — BIG-IP | 7.5 | High | 2024-02-14
CVE-2024-24989 | NGINX HTTP/3 QUIC vulnerability — NGINX Plus | 7.5 | High | 2024-02-14
CVE-2024-23308 | BIG-IP Advanced WAF and ASM vulnerability — BIG-IP | 7.5 | High | 2024-02-14
CVE-2024-24775 | BIG-IP TMM vulnerability — BIG-IP | 7.5 | High | 2024-02-14
CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability — Windows 10 Version 1809 | 6.5 | Medium | 2024-02-13

Vulnerabilities classified as CWE-476 (NULL Pointer Dereference) represent 1138 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.