
CWE-476 (NULL Pointer Dereference) — Vulnerability Class 1134

1134 vulnerabilities classified as CWE-476 (NULL Pointer Dereference). AI Chinese analysis included.

CWE-476 is a critical memory management weakness in which software accesses memory through a pointer that holds NULL instead of a valid address. It typically occurs when a function fails to allocate memory or to validate input, and the code then dereferences the resulting NULL pointer without checking it. Attackers exploit this by triggering the NULL condition, which usually crashes the application and results in a denial of service. In more complex scenarios, where NULL corresponds to the 0x0 address and privileged code can access that address, it may lead to arbitrary code execution or privilege escalation. To prevent this, developers must validate every pointer before use and confirm it is not NULL. Defensive programming practices, such as assertions during development and comprehensive error handling in production, help reduce the risk of dereferencing invalid memory addresses.

MITRE CWE Description
The product dereferences a pointer that it expects to be valid but is NULL.

Common Consequences (2)
Availability · DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Integrity, Confidentiality · Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Mitigations (5)
Implementation: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements: Select a programming language that is not susceptible to these issues.
Implementation: Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Effectiveness: Moderate
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
        /* hp is NULL when the address does not resolve; it is dereferenced unchecked */
        strcpy(hostname, hp->h_name);
    }
Bad · C
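A checked variant of the lookup above, as an added example that is not part of the MITRE entry or of this page; `host_lookup_checked`, `copy_hostname` and the `lookup_status` codes are names assumed here. It tests the `gethostbyaddr()` result for NULL before reading `h_name` and bounds the copy into the caller's buffer.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Status codes are names assumed for this example. */
enum lookup_status { LOOKUP_OK, LOOKUP_BAD_ARG, LOOKUP_BAD_ADDR,
                     LOOKUP_NOT_FOUND, LOOKUP_TOO_LONG };

/* Copy the name out of a resolver result. hp is NULL whenever the lookup
 * failed, so it is tested before any member access. */
static enum lookup_status copy_hostname(const struct hostent *hp,
                                        char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return LOOKUP_BAD_ARG;
    out[0] = '\0';
    if (hp == NULL || hp->h_name == NULL)
        return LOOKUP_NOT_FOUND;
    size_t n = strlen(hp->h_name);
    if (n >= outlen)               /* no room for the name plus NUL */
        return LOOKUP_TOO_LONG;
    memcpy(out, hp->h_name, n + 1);
    return LOOKUP_OK;
}

enum lookup_status host_lookup_checked(const char *user_supplied_addr,
                                       char *hostname, size_t hostname_len)
{
    struct in_addr addr;

    if (user_supplied_addr == NULL || hostname == NULL || hostname_len == 0)
        return LOOKUP_BAD_ARG;
    hostname[0] = '\0';
    /* inet_pton() returns 1 only for a well-formed IPv4 address. */
    if (inet_pton(AF_INET, user_supplied_addr, &addr) != 1)
        return LOOKUP_BAD_ADDR;
    /* A well-formed address without a reverse record yields NULL here. */
    struct hostent *hp = gethostbyaddr(&addr, sizeof addr, AF_INET);
    return copy_hostname(hp, hostname, hostname_len);
}

int main(void)
{
    char name[64];
    /* Constructed input: malformed, so no resolver call is made. */
    printf("%d\n", host_lookup_checked("not-an-ip", name, sizeof name));
    return 0;
}
```

Every failure path leaves the output buffer as an empty string, so a caller that ignores the status code still never reads uninitialized memory.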
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
Bad · Java

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1991 | libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference — libuvc | 3.3 | Low | 2026-02-06 |
| CVE-2026-1990 | oatpp Type.hpp ObjectWrapper null pointer dereference — oatpp | 3.3 | Low | 2026-02-06 |
| CVE-2026-1976 | Free5GC SMF SessionDeletionResponse null pointer dereference — Free5GC | 5.3 | Medium | 2026-02-06 |
| CVE-2026-1975 | Free5GC pfcp_reports.go identityTriggerType null pointer dereference — Free5GC | 5.3 | Medium | 2026-02-06 |
| CVE-2026-1973 | Free5GC SMF establishPfcpSession null pointer dereference — Free5GC | 5.3 | Medium | 2026-02-06 |
| CVE-2025-68699 | NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash — nanomq | 6.5 | Medium | 2026-02-04 |
| CVE-2026-1739 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference — pcf | 5.3 | Medium | 2026-02-02 |
| CVE-2026-1682 | Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference — SMF | 5.3 | Medium | 2026-01-30 |
| CVE-2026-23565 | Denial-of-Service in Content Distribution Service — DEX | 6.5 | Medium | 2026-01-29 |
| CVE-2025-33237 | NVIDIA HD Audio Driver code issue vulnerability — GeForce | 5.5 | Medium | 2026-01-28 |
| CVE-2026-24883 | GNUPG code issue vulnerability — GnuPG | 3.7 | Low | 2026-01-27 |
| CVE-2026-0918 | Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS — Tapo C220 v1 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69421 | NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function — OpenSSL | 6.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-15468 | NULL dereference in SSL_CIPHER_find() function on unknown cipher ID — OpenSSL | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-24813 | A null pointer dereference in abcz316/SKRoot-linuxKernelRoot — SKRoot-linuxKernelRoot | 6.2 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2026-24805 | Mishandles certain out-of-memory conditions in visualfc/liteide via liteidex/src/3rdparty/libvterm/src module — liteide | 5.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2026-1417 | GPAC filedump.c dump_isom_rtp null pointer dereference — GPAC | 3.3 | Low | 2026-01-26 |
| CVE-2026-1416 | GPAC filedump.c DumpMovieInfo null pointer dereference — GPAC | 3.3 | Low | 2026-01-26 |
| CVE-2026-1415 | GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference — GPAC | 3.3 | Low | 2026-01-26 |
| CVE-2026-24515 | libexpat code issue vulnerability — libexpat | 2.9 | Low | 2026-01-23 |
| CVE-2026-0710 | Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability | 8.4 | High | 2026-01-23 |
| CVE-2026-23831 | Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message — rekor | 5.3 | Medium | 2026-01-22 |
| CVE-2026-23952 | ImageMagick has a NULL pointer dereference in MSL parser via `<comment>` tag before image load — ImageMagick | 6.5 | Medium | 2026-01-22 |
| CVE-2025-68141 | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization — everest-core | 7.4 | High | 2026-01-21 |
| CVE-2025-15535 | nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference — clay | 3.3 | Low | 2026-01-18 |
| CVE-2025-60007 | Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash — Junos OS | 5.5 | Medium | 2026-01-15 |
| CVE-2026-21301 | Substance3D - Modeler \| NULL Pointer Dereference (CWE-476) — Substance3D - Modeler | 5.5 | Medium | 2026-01-13 |
| CVE-2026-21300 | Substance3D - Modeler \| NULL Pointer Dereference (CWE-476) — Substance3D - Modeler | 5.5 | Medium | 2026-01-13 |
| CVE-2026-21288 | Illustrator \| NULL Pointer Dereference (CWE-476) — Illustrator | 5.5 | Medium | 2026-01-13 |
| CVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability — Windows 10 Version 1607 | 7.5 | High | 2026-01-13 |

1134 CVEs are classified as CWE-476 (NULL Pointer Dereference). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.