CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,937 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 24 of 99
- CVE-2021-32440MEDIUMCVSS 5.5EG 5.52021-08-11
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32611HIGHCVSS 7.5EG 7.52021-05-12
A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.
- CVE-2021-32843MEDIUMCVSS 6.2EG 5.52023-02-17
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This…
- CVE-2021-32844MEDIUMCVSS 6.2EG 5.52023-02-17
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash…
- CVE-2021-32963HIGHCVSS 7.5EG 7.52021-09-23
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10
- CVE-2021-32971HIGHCVSS 7.5EG 7.52021-09-23
Null pointer dereference in SuiteLink server while processing command 0x07
- CVE-2021-32979HIGHCVSS 7.5EG 7.52021-09-23
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
- CVE-2021-32987HIGHCVSS 7.5EG 7.52021-09-23
Null pointer dereference in SuiteLink server while processing command 0x0b
- CVE-2021-33068MEDIUMCVSS 6.5EG 6.52022-02-09
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
- CVE-2021-3319MEDIUMCVSS 6.5EG 6.52021-10-05
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see htt…
- CVE-2021-3320MEDIUMCVSS 5.9EG 5.92021-05-25
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
- CVE-2021-3322MEDIUMCVSS 6.5EG 6.52021-10-12
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHS…
- CVE-2021-33254HIGHCVSS 7.5EG 7.52022-06-02
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
- CVE-2021-33317HIGHCVSS 7.5EG 7.52022-05-11
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the pa…
- CVE-2021-33439MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.
- CVE-2021-33440MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c.
- CVE-2021-33441MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c.
- CVE-2021-33442MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c.
- CVE-2021-33444MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c.
- CVE-2021-33445MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.
- CVE-2021-33446MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c.
- CVE-2021-33447MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.
- CVE-2021-33449MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.
- CVE-2021-33454MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.
- CVE-2021-33455MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33456MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33457MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33458MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33459MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.
- CVE-2021-33460MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33463MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.
- CVE-2021-33465MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33466MEDIUMCVSS 5.5EG 5.52022-07-26
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
- CVE-2021-33572LOWCVSS 3.5EG 3.52021-06-21
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by…
- CVE-2021-33630MEDIUMCVSS 5.5EG 5.52024-01-18
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 …
- CVE-2021-33714MEDIUMCVSS 5.5EG 5.52021-07-13
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to …
- CVE-2021-33715MEDIUMCVSS 5.5EG 5.52021-07-13
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference cond…
- CVE-2021-33717MEDIUMCVSS 5.5EG 5.52021-08-10
A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash…
- CVE-2021-33798MEDIUMCVSS 4.7EG 4.72023-07-07
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.
- CVE-2021-34122MEDIUMCVSS 5.5EG 5.52022-03-10
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.
- CVE-2021-34405MEDIUMCVSS 5.5EG 5.52022-01-18
NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.
- CVE-2021-34406MEDIUMCVSS 4.7EG 4.72022-01-18
NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.
- CVE-2021-34418MEDIUMCVSS 4.0EG 4.02021-11-11
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42…
- CVE-2021-3443MEDIUMCVSS 5.5EG 5.52021-03-25
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to cras…
- CVE-2021-3449MEDIUMCVSS 5.9EG 5.92021-03-25
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello…
- CVE-2021-34555HIGHCVSS 7.5EG 7.52021-06-10
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
- CVE-2021-34586HIGHCVSS 7.5EG 7.52021-10-26
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
- CVE-2021-3463MEDIUMCVSS 4.2EG 4.22021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
- CVE-2021-3467MEDIUMCVSS 5.5EG 5.52021-03-25
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper lib…
- CVE-2021-34737MEDIUMCVSS 5.8EG 5.82021-09-09
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerab…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →