CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,955 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 45 of 100
- CVE-2023-1355MEDIUMCVSS 5.5EG 7.52023-03-11
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
- CVE-2023-1382MEDIUMCVSS 4.7EG 4.72023-04-19
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
- CVE-2023-1444HIGHCVSS 7.5EG 6.52023-03-17
A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects the function 0x8011206B in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of ser…
- CVE-2023-1446MEDIUMCVSS 5.5EG 5.52023-03-17
A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is the function 0x80002004/0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulat…
- CVE-2023-1583MEDIUMCVSS 5.5EG 5.52023-03-24
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is no…
- CVE-2023-1587MEDIUMCVSS 5.8EG 5.82023-04-19
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11
- CVE-2023-1628MEDIUMCVSS 5.5EG 5.52023-03-25
A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer derefere…
- CVE-2023-1631MEDIUMCVSS 5.5EG 5.52023-03-25
A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer derefe…
- CVE-2023-1667MEDIUMCVSS 6.5EG 6.52023-05-26
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
- CVE-2023-1994MEDIUMCVSS 6.3EG 6.52023-04-12
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
- CVE-2023-20233MEDIUMCVSS 4.3EG 4.32023-09-13
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…
- CVE-2023-21547HIGHCVSS 7.5EG 7.52023-01-10
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
- CVE-2023-21586MEDIUMCVSS 5.5EG 5.52024-12-19
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to …
- CVE-2023-21593MEDIUMCVSS 5.5EG 5.52023-02-17
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in th…
- CVE-2023-2166MEDIUMCVSS 5.5EG 5.52023-04-19
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially…
- CVE-2023-21683HIGHCVSS 7.5EG 7.52023-01-10
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2023-21700HIGHCVSS 7.5EG 7.52023-02-14
Windows iSCSI Discovery Service Denial of Service Vulnerability
- CVE-2023-21757HIGHCVSS 7.5EG 7.52023-01-10
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
- CVE-2023-21758HIGHCVSS 7.5EG 7.52023-01-10
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2023-2177MEDIUMCVSS 5.5EG 5.52023-04-20
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to…
- CVE-2023-22340HIGHCVSS 7.5EG 7.52023-02-01
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.…
- CVE-2023-22341HIGHCVSS 7.5EG 7.52023-02-01
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth S…
- CVE-2023-22839HIGHCVSS 7.5EG 7.52023-02-01
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server…
- CVE-2023-22997MEDIUMCVSS 5.5EG 5.52023-02-28
In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-22999MEDIUMCVSS 5.5EG 5.52023-02-28
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-23000MEDIUMCVSS 5.5EG 7.82023-03-01
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.
- CVE-2023-23001MEDIUMCVSS 5.5EG 5.52023-03-01
In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-23002MEDIUMCVSS 5.5EG 5.52023-03-01
In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-23004MEDIUMCVSS 5.5EG 5.52023-03-01
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-23005MEDIUMCVSS 5.5EG 5.52023-03-01
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there ar…
- CVE-2023-23006MEDIUMCVSS 5.5EG 5.52023-03-01
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- CVE-2023-23087CRITICALCVSS 9.8EG 9.82023-02-03
An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
- CVE-2023-23108HIGHCVSS 7.5EG 7.52023-02-27
In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.
- CVE-2023-24465MEDIUMCVSS 5.5EG 5.52023-03-10
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current applic…
- CVE-2023-24751MEDIUMCVSS 6.5EG 6.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24752MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24754MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24755MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24756MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24757MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24758MEDIUMCVSS 5.5EG 5.52023-03-01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24818HIGHCVSS 7.5EG 7.52023-04-24
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL po…
- CVE-2023-24822HIGHCVSS 7.5EG 7.52023-04-24
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL po…
- CVE-2023-24825HIGHCVSS 7.5EG 7.52023-05-30
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer …
- CVE-2023-24832HIGHCVSS 7.5EG 7.52023-05-18
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this i…
- CVE-2023-24847HIGHCVSS 7.5EG 7.52023-10-03
Transient DOS in Modem while allocating DSM items.
- CVE-2023-24859HIGHCVSS 7.5EG 7.52023-03-14
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2023-24910HIGHCVSS 7.8EG 7.82023-03-14
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-24938MEDIUMCVSS 6.5EG 6.52023-06-14
Windows CryptoAPI Denial of Service Vulnerability
- CVE-2023-24940HIGHCVSS 7.5EG 7.52023-05-09
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →