CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,955 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 48 of 100
- CVE-2023-37036MEDIUMCVSS 6.5EG 6.52025-01-21
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Tra…
- CVE-2023-37037MEDIUMCVSS 6.5EG 6.52025-01-21
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Reques…
- CVE-2023-37038MEDIUMCVSS 6.5EG 6.52025-01-21
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Tra…
- CVE-2023-37039MEDIUMCVSS 6.5EG 6.52025-01-22
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Mess…
- CVE-2023-37185HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.
- CVE-2023-37186HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.
- CVE-2023-37187HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.
- CVE-2023-37188HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.
- CVE-2023-37368MEDIUMCVSS 5.9EG 5.92023-09-08
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100…
- CVE-2023-37456MEDIUMCVSS 6.5EG 6.52023-07-12
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
- CVE-2023-3772MEDIUMCVSS 5.5EG 5.52023-07-25
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading…
- CVE-2023-37732MEDIUMCVSS 5.5EG 5.52023-07-26
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
- CVE-2023-38171HIGHCVSS 7.5EG 7.52023-10-10
Microsoft QUIC Denial of Service Vulnerability
- CVE-2023-38313HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issu…
- CVE-2023-38314MEDIUMCVSS 6.5EG 6.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggeri…
- CVE-2023-38315HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering thi…
- CVE-2023-38320HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in cr…
- CVE-2023-38321HIGHCVSS 7.5EG 7.52023-12-25
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ tha…
- CVE-2023-38322HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in…
- CVE-2023-38524LOWCVSS 3.3EG 3.32023-08-08
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcent…
- CVE-2023-3866MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2…
- CVE-2023-38665MEDIUMCVSS 5.5EG 5.52023-08-22
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
- CVE-2023-38670MEDIUMCVSS 4.7EG 4.72023-07-26
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
- CVE-2023-38676MEDIUMCVSS 4.7EG 4.72024-01-03
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38711MEDIUMCVSS 6.5EG 7.52023-08-25
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto da…
- CVE-2023-38712MEDIUMCVSS 6.5EG 7.52023-08-25
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify…
- CVE-2023-39351MEDIUMCVSS 5.3EG 5.32023-08-31
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `r…
- CVE-2023-39397HIGHCVSS 7.5EG 7.52023-08-13
Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.
- CVE-2023-39669HIGHCVSS 7.5EG 7.52023-08-18
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.
- CVE-2023-40032MEDIUMCVSS 5.5EG 5.52023-09-11
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade t…
- CVE-2023-40308HIGHCVSS 7.5EG 7.52023-09-12
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There …
- CVE-2023-40360MEDIUMCVSS 5.5EG 5.52023-08-14
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
- CVE-2023-40459HIGHCVSS 7.5EG 7.52023-12-04
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other …
- CVE-2023-40546MEDIUMCVSS 6.2EG 6.22024-01-29
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doe…
- CVE-2023-41234MEDIUMCVSS 5.0EG 5.02024-05-16
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-41274MEDIUMCVSS 5.5EG 5.52024-02-02
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.…
- CVE-2023-41358HIGHCVSS 7.5EG 7.52023-08-29
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
- CVE-2023-41633MEDIUMCVSS 5.5EG 5.52023-09-01
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.
- CVE-2023-41909HIGHCVSS 7.5EG 7.52023-09-05
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
- CVE-2023-42754MEDIUMCVSS 5.5EG 5.52023-10-05
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs.…
- CVE-2023-42785MEDIUMCVSS 6.5EG 6.52025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
- CVE-2023-42786MEDIUMCVSS 6.5EG 6.52025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
- CVE-2023-43279MEDIUMCVSS 6.5EG 6.52024-03-12
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
- CVE-2023-43522HIGHCVSS 7.5EG 7.52024-02-06
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
- CVE-2023-43541HIGHCVSS 8.4EG 8.42024-03-04
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
- CVE-2023-4385MEDIUMCVSS 5.5EG 5.52023-08-16
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.
- CVE-2023-43898MEDIUMCVSS 5.5EG 5.52023-10-03
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
- CVE-2023-44341MEDIUMCVSS 5.5EG 5.52024-02-29
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in …
- CVE-2023-44347MEDIUMCVSS 5.5EG 5.52024-02-29
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in …
- CVE-2023-4459MEDIUMCVSS 5.5EG 6.52023-08-21
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause …
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →