CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,937 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 18 of 99
- CVE-2020-18395HIGHCVSS 7.5EG 7.52021-05-28
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
- CVE-2020-18730HIGHCVSS 7.5EG 7.52021-08-23
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
- CVE-2020-18731HIGHCVSS 7.5EG 7.52021-08-23
A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
- CVE-2020-1939CRITICALCVSS 9.8EG 9.82020-05-12
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not aff…
- CVE-2020-19468MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer derefenrece (invalid read of size 8) .
- CVE-2020-19470MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a NULL pointer dereference (invalid read of size 1) .
- CVE-2020-19488MEDIUMCVSS 5.5EG 5.52021-07-21
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.
- CVE-2020-1967HIGHCVSS 7.5EG 7.52020-04-21
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The …
- CVE-2020-1971MEDIUMCVSS 5.9EG 5.92020-12-08
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to …
- CVE-2020-19717MEDIUMCVSS 6.5EG 6.52021-07-13
An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).
- CVE-2020-19718MEDIUMCVSS 6.5EG 6.52021-07-13
An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).
- CVE-2020-19720MEDIUMCVSS 6.5EG 6.52021-07-13
An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).
- CVE-2020-19722MEDIUMCVSS 6.5EG 6.52021-07-13
An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).
- CVE-2020-19752HIGHCVSS 7.5EG 7.52021-09-07
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
- CVE-2020-1995MEDIUMCVSS 4.9EG 4.92020-05-13
A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all…
- CVE-2020-20212MEDIUMCVSS 6.5EG 6.52021-07-07
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20216MEDIUMCVSS 6.5EG 6.52021-07-07
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20222MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20231MEDIUMCVSS 6.5EG 6.52021-07-14
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20250MEDIUMCVSS 6.5EG 6.52021-07-13
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is differen…
- CVE-2020-20252MEDIUMCVSS 6.5EG 6.52021-07-13
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20254MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20266MEDIUMCVSS 6.5EG 6.52021-05-19
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20450HIGHCVSS 7.5EG 7.52021-05-25
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.
- CVE-2020-20896HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
- CVE-2020-21815MEDIUMCVSS 6.5EG 6.52021-05-17
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
- CVE-2020-21817MEDIUMCVSS 6.5EG 6.52021-05-17
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
- CVE-2020-21834MEDIUMCVSS 6.5EG 6.52021-05-17
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
- CVE-2020-21835MEDIUMCVSS 6.5EG 6.52021-05-17
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
- CVE-2020-22352MEDIUMCVSS 5.5EG 5.52021-08-04
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2020-22674MEDIUMCVSS 5.5EG 5.52021-10-12
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.
- CVE-2020-23026HIGHCVSS 7.5EG 7.52022-01-03
A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).
- CVE-2020-23259HIGHCVSS 7.5EG 7.52023-04-04
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
- CVE-2020-23330HIGHCVSS 7.5EG 7.52021-08-17
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).
- CVE-2020-23331HIGHCVSS 7.5EG 7.52021-08-17
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).
- CVE-2020-23539HIGHCVSS 7.5EG 7.52021-04-08
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.
- CVE-2020-23872HIGHCVSS 7.5EG 7.52021-11-10
A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
- CVE-2020-23879HIGHCVSS 7.5EG 7.52021-11-10
pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.
- CVE-2020-23911MEDIUMCVSS 5.5EG 5.52023-07-18
An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.
- CVE-2020-23912MEDIUMCVSS 5.5EG 5.52021-04-21
An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service.
- CVE-2020-23914MEDIUMCVSS 5.5EG 5.52021-04-21
An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service.
- CVE-2020-23930MEDIUMCVSS 5.5EG 5.52021-04-21
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
- CVE-2020-23932MEDIUMCVSS 5.5EG 5.52021-04-21
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
- CVE-2020-24187MEDIUMCVSS 5.5EG 5.52023-08-11
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).
- CVE-2020-24369HIGHCVSS 7.5EG 7.52020-08-17
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
- CVE-2020-24385MEDIUMCVSS 5.5EG 5.52020-09-03
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata i…
- CVE-2020-24421MEDIUMCVSS 5.5EG 5.52020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is…
- CVE-2020-24659HIGHCVSS 7.5EG 7.52020-09-04
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens…
- CVE-2020-24890MEDIUMCVSS 5.5EG 5.52020-09-16
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a cert…
- CVE-2020-25285MEDIUMCVSS 6.4EG 6.42020-09-13
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-1774…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →