CWE-476— NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 34 of 95
- CVE-2022-23595MEDIUMCVSS 5.3EG 5.32022-02-04
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->confi…
- CVE-2022-24249MEDIUMCVSS 5.5EG 5.52022-02-04
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
- CVE-2022-24574MEDIUMCVSS 5.5EG 5.52022-03-14
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().
- CVE-2022-24577HIGHCVSS 7.8EG 7.82022-03-14
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)
- CVE-2022-24736LOWCVSS 3.3EG 3.32022-04-27
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server pr…
- CVE-2022-2476MEDIUMCVSS 5.5EG 5.52022-07-19
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown addre…
- CVE-2022-24808MEDIUMCVSS 6.5EG 6.52024-04-16
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL p…
- CVE-2022-24809MEDIUMCVSS 6.5EG 6.52024-04-16
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer derefe…
- CVE-2022-24810MEDIUMCVSS 6.5EG 6.52024-04-16
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. V…
- CVE-2022-25108MEDIUMCVSS 5.5EG 5.52022-03-10
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.
- CVE-2022-25258MEDIUMCVSS 4.6EG 4.62022-02-16
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NUL…
- CVE-2022-25310MEDIUMCVSS 5.5EG 5.52022-09-06
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash …
- CVE-2022-2547HIGHCVSS 7.5EG 7.52022-08-17
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
- CVE-2022-2549MEDIUMCVSS 5.5EG 5.52022-07-27
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
- CVE-2022-25710HIGHCVSS 7.5EG 7.52022-11-15
Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
- CVE-2022-25733HIGHCVSS 7.5EG 7.52023-02-12
Denial of service in modem due to null pointer dereference while processing DNS packets
- CVE-2022-25735HIGHCVSS 7.5EG 7.52023-02-12
Denial of service in modem due to missing null check while processing TCP or UDP packets from server
- CVE-2022-25739HIGHCVSS 7.5EG 7.52023-04-13
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
- CVE-2022-25741HIGHCVSS 7.5EG 7.52022-11-15
Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…
- CVE-2022-25867HIGHCVSS 7.5EG 7.52022-08-02
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
- CVE-2022-26093MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
- CVE-2022-26094MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
- CVE-2022-26095MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
- CVE-2022-26096MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
- CVE-2022-26097MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
- CVE-2022-26099MEDIUMCVSS 5.9EG 9.12022-04-11
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
- CVE-2022-26979HIGHCVSS 7.5EG 7.52022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
- CVE-2022-27359MEDIUMCVSS 5.5EG 5.52022-05-05
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference.
- CVE-2022-27497HIGHCVSS 8.6EG 7.52022-11-11
Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2022-27567MEDIUMCVSS 5.9EG 9.82022-04-11
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
- CVE-2022-27944HIGHCVSS 7.5EG 7.52022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
- CVE-2022-28049MEDIUMCVSS 5.5EG 5.52022-04-15
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
- CVE-2022-28070HIGHCVSS 7.5EG 7.52023-08-22
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28189MEDIUMCVSS 5.5EG 5.52022-05-17
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.
- CVE-2022-2832HIGHCVSS 7.5EG 7.52022-08-16
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
- CVE-2022-2850MEDIUMCVSS 6.5EG 6.52022-10-14
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial o…
- CVE-2022-2874MEDIUMCVSS 5.5EG 5.52022-08-18
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
- CVE-2022-29029MEDIUMCVSS 5.5EG 5.52022-05-20
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer …
- CVE-2022-29031MEDIUMCVSS 5.5EG 5.52022-05-20
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer …
- CVE-2022-29201MEDIUMCVSS 5.5EG 5.52022-05-20
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get boun…
- CVE-2022-29205MEDIUMCVSS 5.5EG 5.52022-05-20
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support …
- CVE-2022-29206MEDIUMCVSS 5.5EG 5.52022-05-20
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference ge…
- CVE-2022-29224MEDIUMCVSS 5.9EG 5.92022-06-09
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy a…
- CVE-2022-2923MEDIUMCVSS 5.5EG 5.52022-08-22
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
- CVE-2022-2928MEDIUMCVSS 6.5EG 7.52022-10-07
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dere…
- CVE-2022-29340HIGHCVSS 7.5EG 7.52022-05-05
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in …
- CVE-2022-29491HIGHCVSS 7.5EG 7.52022-05-05
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTT…
- CVE-2022-29508MEDIUMCVSS 6.3EG 6.32023-05-10
Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-29694HIGHCVSS 7.5EG 7.52022-06-02
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.
- CVE-2022-2973HIGHCVSS 8.6EG 7.52022-09-23
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →