CWE-395
AllowedUse of NullPointerException Catch to Detect NULL Pointer Dereference
Abstraction: Base · Status: Draft
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
30 vulnerabilities reference this CWE, most recent first.
CVE-2022-2832 (GCVE-0-2022-2832)
Vulnerability from cvelistv5 – Published: 2022-08-16 19:26 – Updated: 2024-08-03 00:52| URL | Tags |
|---|---|
| https://developer.blender.org/T99706 | x_refsource_MISC |
| https://developer.blender.org/D15463 | x_refsource_MISC |
| https://developer.blender.org/rB00dc7477022acdd96… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.blender.org/T99706"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.blender.org/D15463"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blender",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Blender 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-395",
"description": "CWE-395",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.blender.org/T99706"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.blender.org/D15463"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2832",
"datePublished": "2022-08-16T19:26:05.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:52:59.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-23MM-FP65-W636
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 03:58Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2022-29508"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:11Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-23mm-fp65-w636",
"modified": "2024-04-04T03:58:51Z",
"published": "2023-05-10T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29508"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26X5-365C-M568
Vulnerability from github – Published: 2024-02-29 21:30 – Updated: 2024-08-01 15:31D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-27658"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T20:15:41Z",
"severity": "MODERATE"
},
"details": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-26x5-365c-m568",
"modified": "2024-08-01T15:31:29Z",
"published": "2024-02-29T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27658"
},
{
"type": "WEB",
"url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x44900C-8f23082721854117bdea70b6113433fd?pvs=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4G2W-RJR9-JCCG
Vulnerability from github – Published: 2024-02-29 21:30 – Updated: 2024-08-01 15:31D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-27659"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T20:15:41Z",
"severity": "MODERATE"
},
"details": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-4g2w-rjr9-jccg",
"modified": "2024-08-01T15:31:29Z",
"published": "2024-02-29T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27659"
},
{
"type": "WEB",
"url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42B4C4-dfeae31d711f414796e1d9eb9cea7d31?pvs=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4XFH-5WGJ-8XJ9
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2024-28030"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:13Z",
"severity": "LOW"
},
"details": "NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-4xfh-5wgj-8xj9",
"modified": "2024-11-13T21:30:36Z",
"published": "2024-11-13T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28030"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01131.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5RCG-JQ54-2R8G
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2023-25071"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:18Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-5rcg-jq54-2r8g",
"modified": "2023-11-14T21:31:01Z",
"published": "2023-11-14T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25071"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62R6-M6FG-P4WJ
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2024-05-16 21:31NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-42879"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:13Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.",
"id": "GHSA-62r6-m6fg-p4wj",
"modified": "2024-05-16T21:31:55Z",
"published": "2023-11-14T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42879"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q56-MRMC-CPH4
Vulnerability from github – Published: 2026-01-13 00:30 – Updated: 2026-06-30 03:35Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.
{
"affected": [],
"aliases": [
"CVE-2025-15514"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-12T23:15:51Z",
"severity": "HIGH"
},
"details": "Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.",
"id": "GHSA-6q56-mrmc-cph4",
"modified": "2026-06-30T03:35:24Z",
"published": "2026-01-13T00:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15514"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-15514"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428828"
},
{
"type": "WEB",
"url": "https://https://github.com/ollama/ollama"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0"
},
{
"type": "WEB",
"url": "https://ollama.com"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15514.json"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-77JP-G8VW-F6XM
Vulnerability from github – Published: 2024-02-29 21:30 – Updated: 2024-08-01 15:31D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-27661"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T20:15:41Z",
"severity": "MODERATE"
},
"details": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-77jp-g8vw-f6xm",
"modified": "2024-08-01T15:31:29Z",
"published": "2024-02-29T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27661"
},
{
"type": "WEB",
"url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42444C-34458f12482346b291f334eea12e6fd0?pvs=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C7C7-8FRM-JCMP
Vulnerability from github – Published: 2024-09-16 18:31 – Updated: 2025-11-04 00:31NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-23904"
],
"database_specific": {
"cwe_ids": [
"CWE-395"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-16T17:15:58Z",
"severity": "MODERATE"
},
"details": "NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-c7c7-8frm-jcmp",
"modified": "2025-11-04T00:31:25Z",
"published": "2024-09-16T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23904"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241011-0009"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.
No CAPEC attack patterns related to this CWE.