CWE-476 (NULL Pointer Dereference) — Vulnerability Class 1138

1138 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 is a memory management weakness in which software attempts to access memory through a pointer that holds a NULL value instead of a valid address. It typically occurs when a function fails to allocate memory or validate input, yet the code goes on to dereference the resulting NULL pointer without checking it. An attacker who can trigger the NULL condition usually causes the application to crash, resulting in a denial of service. In rarer cases, where address 0x0 is mapped and privileged code can access it, the dereference may lead to arbitrary code execution or privilege escalation. To prevent this, developers must validate every pointer before use and confirm that it is not NULL. Defensive programming practices, such as assertions during development and comprehensive error handling in production, help mitigate the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences (2)
Availability · DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality · Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
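A hardened counterpart to host_lookup(), added here as an example; it is not part of the MITRE entry or of this page's original code. It assumes a POSIX system, and the name host_lookup_checked, the status codes and the use of inet_pton() in place of the original's validate_addr_form()/inet_addr() pair are choices of this example.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Status codes are this example's own (hypothetical), not from the page. */
enum lookup_status {
    LOOKUP_OK = 0, LOOKUP_BAD_ARG, LOOKUP_BAD_ADDR, LOOKUP_NO_HOST, LOOKUP_TOO_LONG
};

/* Resolve a dotted-quad IPv4 string to a hostname; every pointer is checked before use. */
int host_lookup_checked(const char *user_supplied_addr, char *out, size_t out_len)
{
    struct in_addr addr;
    struct hostent *hp;
    size_t name_len;

    /* Caller-supplied pointers are checked before first use. */
    if (user_supplied_addr == NULL || out == NULL || out_len == 0)
        return LOOKUP_BAD_ARG;
    out[0] = '\0';
    /* inet_pton() returns 1 only for a well-formed address. */
    if (inet_pton(AF_INET, user_supplied_addr, &addr) != 1)
        return LOOKUP_BAD_ADDR;
    /* gethostbyaddr() returns NULL when no host entry is found; the
     * original code dereferenced hp->h_name without this check. */
    hp = gethostbyaddr(&addr, sizeof(addr), AF_INET);
    if (hp == NULL || hp->h_name == NULL)
        return LOOKUP_NO_HOST;
    /* Bounded copy: the original strcpy() into hostname[64] had no limit. */
    name_len = strlen(hp->h_name);
    if (name_len >= out_len)
        return LOOKUP_TOO_LONG;
    memcpy(out, hp->h_name, name_len + 1);
    return LOOKUP_OK;
}

int main(void)
{
    /* Constructed sample inputs: a malformed string and the loopback address. */
    const char *samples[] = { "not-an-ip", "127.0.0.1" };
    char hostname[64];
    for (size_t i = 0; i < 2; i++) {
        int rc = host_lookup_checked(samples[i], hostname, sizeof(hostname));
        printf("%s -> status %d, name \"%s\"\n", samples[i], rc, hostname);
    }
    return 0;
}
```

Whether the loopback lookup returns LOOKUP_OK or LOOKUP_NO_HOST depends on the local resolver configuration; in both cases the function returns a status instead of crashing.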
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-1116 | NVIDIA Windows GPU Display Driver code issue vulnerability — NVIDIA GPU Display Driver | 5.5 | Medium | 2021-10-27 |
| CVE-2021-1115 | NVIDIA Windows GPU Display Driver code issue vulnerability — NVIDIA GPU Display Driver | 6.5 | Medium | 2021-10-27 |
| CVE-2021-34586 | CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) — CODESYS V2 | 7.5 | High | 2021-10-26 |
| CVE-2021-40732 | XMP Toolkit SDK Null Pointer Dereference — XMP Toolkit | 6.1 | Medium | 2021-10-13 |
| CVE-2021-3322 | Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr — zephyr | 6.5 | Medium | 2021-10-12 |
| CVE-2021-3671 | Samba code issue vulnerability — Samba | 6.5 | - | 2021-10-12 |
| CVE-2021-25491 | Samsung SMR code issue vulnerability — Samsung Mobile Devices | 2.3 | Low | 2021-10-06 |
| CVE-2021-3319 | DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses — zephyr | 6.5 | Medium | 2021-10-05 |
| CVE-2021-41524 | null pointer dereference in h2 fuzzing — Apache HTTP Server | 7.5 | - | 2021-10-05 |
| CVE-2021-39860 | Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference — Acrobat Reader | 5.5 | Medium | 2021-09-29 |
| CVE-2021-39854 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | - | 2021-09-29 |
| CVE-2021-39849 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | Medium | 2021-09-29 |
| CVE-2021-39850 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | Medium | 2021-09-29 |
| CVE-2021-39852 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | Medium | 2021-09-29 |
| CVE-2021-39851 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | Medium | 2021-09-29 |
| CVE-2021-39853 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service — Acrobat Reader | 5.5 | - | 2021-09-29 |
| CVE-2021-32987 | AVEVA SuiteLink Server Null Pointer Dereference — AVEVA System Platform 2020 | 7.5 | High | 2021-09-23 |
| CVE-2021-32979 | AVEVA SuiteLink Server Null Pointer Dereference — AVEVA System Platform 2020 | 7.5 | High | 2021-09-23 |
| CVE-2021-32971 | AVEVA SuiteLink Server Null Pointer Dereference — AVEVA System Platform 2020 | 7.5 | High | 2021-09-23 |
| CVE-2021-32963 | AVEVA SuiteLink Server Null Pointer Dereference — AVEVA System Platform 2020 | 7.5 | High | 2021-09-23 |
| CVE-2021-34798 | NULL pointer dereference in httpd core — Apache HTTP Server | 7.5 | - | 2021-09-16 |
| CVE-2021-25462 | Samsung NPU driver code issue vulnerability — Samsung Mobile Devices | 3.3 | Low | 2021-09-09 |
| CVE-2021-25458 | Samsung Mobile Device code issue vulnerability — Samsung Mobile Devices | 3.3 | Low | 2021-09-09 |
| CVE-2021-34737 | Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability — Cisco IOS XR Software | 5.8 | Medium | 2021-09-09 |
| CVE-2021-22792 | Schneider Electric Modicon M580 CPU code issue vulnerability — Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions) | 6.5 | - | 2021-09-02 |
| CVE-2021-28601 | Adobe After Effects NULL Pointer Dereference vulnerability — After Effects | 3.3 | Low | 2021-08-24 |
| CVE-2021-35984 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug — Acrobat Reader | 5.5 | Medium | 2021-08-20 |
| CVE-2021-35985 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug — Acrobat Reader | 5.5 | Medium | 2021-08-20 |
| CVE-2021-37681 | Null pointer exception in TensorFlow Lite — tensorflow | 7.8 | High | 2021-08-12 |
| CVE-2021-37689 | Null pointer dereference in TensorFlow Lite MLIR optimizations — tensorflow | 7.8 | High | 2021-08-12 |

Vulnerabilities classified as CWE-476 (NULL Pointer Dereference) represent 1138 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.