Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-XM67-P2Q8-VHGG

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:18
VLAI
Details

In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-18T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.",
  "id": "GHSA-xm67-p2q8-vhgg",
  "modified": "2024-04-04T01:18:43Z",
  "published": "2022-05-24T16:50:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13959"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/394"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM7V-QXRM-68JG

Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: at803x: fix NULL pointer dereference on AR9331 PHY

Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it.

ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13) CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34 ... Call Trace: [<8050e8a8>] at803x_config_intr+0x5c/0xd0 [<80504b34>] phy_request_interrupt+0xa8/0xd0 [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130 [<8074d8ec>] dsa_slave_create+0x270/0x420 [<80743b04>] dsa_port_setup+0x12c/0x148 [<8074580c>] dsa_register_switch+0xaf0/0xcc0 [<80511344>] ar9331_sw_probe+0x370/0x388 [<8050cb78>] mdio_probe+0x44/0x70 [<804df300>] really_probe+0x200/0x424 [<804df7b4>] __driver_probe_device+0x290/0x298 [<804df810>] driver_probe_device+0x54/0xe4 [<804dfd50>] __device_attach_driver+0xe4/0x130 [<804dcb00>] bus_for_each_drv+0xb4/0xd8 [<804dfac4>] __device_attach+0x104/0x1a4 [<804ddd24>] bus_probe_device+0x48/0xc4 [<804deb44>] deferred_probe_work_func+0xf0/0x10c [<800a0ffc>] process_one_work+0x314/0x4d4 [<800a17fc>] worker_thread+0x2a4/0x354 [<800a9a54>] kthread+0x134/0x13c [<8006306c>] ret_from_kernel_thread+0x14/0x1c

Same Issue would affect some other PHYs (QCA8081, QCA9561), so fix it too.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:43Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: at803x: fix NULL pointer dereference on AR9331 PHY\n\nLatest kernel will explode on the PHY interrupt config, since it depends\nnow on allocated priv. So, run probe to allocate priv to fix it.\n\n ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)\n CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34\n         ...\n Call Trace:\n [\u003c8050e8a8\u003e] at803x_config_intr+0x5c/0xd0\n [\u003c80504b34\u003e] phy_request_interrupt+0xa8/0xd0\n [\u003c8050289c\u003e] phylink_bringup_phy+0x2d8/0x3ac\n [\u003c80502b68\u003e] phylink_fwnode_phy_connect+0x118/0x130\n [\u003c8074d8ec\u003e] dsa_slave_create+0x270/0x420\n [\u003c80743b04\u003e] dsa_port_setup+0x12c/0x148\n [\u003c8074580c\u003e] dsa_register_switch+0xaf0/0xcc0\n [\u003c80511344\u003e] ar9331_sw_probe+0x370/0x388\n [\u003c8050cb78\u003e] mdio_probe+0x44/0x70\n [\u003c804df300\u003e] really_probe+0x200/0x424\n [\u003c804df7b4\u003e] __driver_probe_device+0x290/0x298\n [\u003c804df810\u003e] driver_probe_device+0x54/0xe4\n [\u003c804dfd50\u003e] __device_attach_driver+0xe4/0x130\n [\u003c804dcb00\u003e] bus_for_each_drv+0xb4/0xd8\n [\u003c804dfac4\u003e] __device_attach+0x104/0x1a4\n [\u003c804ddd24\u003e] bus_probe_device+0x48/0xc4\n [\u003c804deb44\u003e] deferred_probe_work_func+0xf0/0x10c\n [\u003c800a0ffc\u003e] process_one_work+0x314/0x4d4\n [\u003c800a17fc\u003e] worker_thread+0x2a4/0x354\n [\u003c800a9a54\u003e] kthread+0x134/0x13c\n [\u003c8006306c\u003e] ret_from_kernel_thread+0x14/0x1c\n\nSame Issue would affect some other PHYs (QCA8081, QCA9561), so fix it\ntoo.",
  "id": "GHSA-xm7v-qxrm-68jg",
  "modified": "2025-03-12T00:31:49Z",
  "published": "2025-03-12T00:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49692"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66fa352215e8455ba2e5f33793535795bd3e36ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9926de7315be3d606cc011a305ad9adb9e8e14c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM94-M277-F852

Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-04-22 00:31
VLAI
Details

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T13:16:23Z",
    "severity": "MODERATE"
  },
  "details": "Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150.",
  "id": "GHSA-xm94-m277-f852",
  "modified": "2026-04-22T00:31:39Z",
  "published": "2026-04-21T15:32:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6778"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022746"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMH6-3RX4-QRFP

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix potential kernel oops when probe fails

When probe of the sdio brcmfmac device fails for some reasons (i.e. missing firmware), the sdiodev->bus is set to error instead of NULL, thus the cleanup later in brcmf_sdio_remove() tries to free resources via invalid bus pointer. This happens because sdiodev->bus is set 2 times: first in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix this by chaning the brcmf_sdio_probe() function to return the error code and set sdio->bus only there.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix potential kernel oops when probe fails\n\nWhen probe of the sdio brcmfmac device fails for some reasons (i.e.\nmissing firmware), the sdiodev-\u003ebus is set to error instead of NULL, thus\nthe cleanup later in brcmf_sdio_remove() tries to free resources via\ninvalid bus pointer. This happens because sdiodev-\u003ebus is set 2 times:\nfirst in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix\nthis by chaning the brcmf_sdio_probe() function to return the error code\nand set sdio-\u003ebus only there.",
  "id": "GHSA-xmh6-3rx4-qrfp",
  "modified": "2026-05-13T21:31:58Z",
  "published": "2026-05-06T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43144"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/243307a0d1b0d01538e202c00454c28b21d4432e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/379aac7ee8240848aa35f605b06addb4617c863e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64ccb0aac41c5055780c2a58bbe2c1b362ceccde"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMJQ-8XH6-Q7GF

Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-08 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T19:15:44Z",
    "severity": "MODERATE"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.6.3195 build 20250715 and later\nQuTS hero h5.2.6.3195 build 20250715 and later",
  "id": "GHSA-xmjq-8xh6-q7gf",
  "modified": "2025-10-08T21:30:24Z",
  "published": "2025-10-03T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48728"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XMM5-6QH4-9F74

Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2022-05-14 02:57
VLAI
Details

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-25T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.",
  "id": "GHSA-xmm5-6qh4-9f74",
  "modified": "2022-05-14T02:57:54Z",
  "published": "2022-05-14T02:57:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6972"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104884"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041356"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMQF-P7F5-83HR

Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27
VLAI
Details

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.",
  "id": "GHSA-xmqf-p7f5-83hr",
  "modified": "2022-05-14T03:27:48Z",
  "published": "2022-05-14T03:27:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4140"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208693"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103578"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMR6-MM5F-8MF2

Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-12 18:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T13:15:57Z",
    "severity": "LOW"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQuTS hero h5.3.2.3354 build 20251225 and later",
  "id": "GHSA-xmr6-mm5f-8mf2",
  "modified": "2026-02-12T18:30:21Z",
  "published": "2026-02-11T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59386"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-26-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XP37-P5RQ-3C53

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: add NULL check in automount_fullpath

page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential NULL pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
  "id": "GHSA-xp37-p5rq-3c53",
  "modified": "2025-11-18T18:32:47Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38208"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/37166d63e42c34846a16001950ecec96229a8d17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9e916fa5c7d0ec2256aa44aa24ddd92f529ce35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cce8e71ca1f7ad9045707f0d22490c1e9ed1df6c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP6J-2QR8-4336

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.",
  "id": "GHSA-xp6j-2qr8-4336",
  "modified": "2022-04-06T00:01:56Z",
  "published": "2022-03-31T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.