CWE-476— NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 48 of 95
- CVE-2023-37039MEDIUMCVSS 6.5EG 6.52025-01-22
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Mess…
- CVE-2023-37185HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.
- CVE-2023-37186HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.
- CVE-2023-37187HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.
- CVE-2023-37188HIGHCVSS 7.5EG 7.52023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.
- CVE-2023-37368MEDIUMCVSS 5.9EG 5.92023-09-08
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100…
- CVE-2023-37456MEDIUMCVSS 6.5EG 6.52023-07-12
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
- CVE-2023-3772MEDIUMCVSS 5.5EG 5.52023-07-25
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading…
- CVE-2023-37732MEDIUMCVSS 5.5EG 5.52023-07-26
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
- CVE-2023-38171HIGHCVSS 7.5EG 7.52023-10-10
Microsoft QUIC Denial of Service Vulnerability
- CVE-2023-38313HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issu…
- CVE-2023-38314MEDIUMCVSS 6.5EG 6.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggeri…
- CVE-2023-38315HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering thi…
- CVE-2023-38320HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in cr…
- CVE-2023-38321HIGHCVSS 7.5EG 7.52023-12-25
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ tha…
- CVE-2023-38322HIGHCVSS 7.5EG 7.52023-11-17
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in…
- CVE-2023-38524LOWCVSS 3.3EG 3.32023-08-08
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcent…
- CVE-2023-3866MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2…
- CVE-2023-38665MEDIUMCVSS 5.5EG 5.52023-08-22
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
- CVE-2023-38670MEDIUMCVSS 4.7EG 4.72023-07-26
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
- CVE-2023-38676MEDIUMCVSS 4.7EG 4.72024-01-03
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38711MEDIUMCVSS 6.5EG 7.52023-08-25
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto da…
- CVE-2023-38712MEDIUMCVSS 6.5EG 7.52023-08-25
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify…
- CVE-2023-39351MEDIUMCVSS 5.3EG 5.32023-08-31
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `r…
- CVE-2023-39397HIGHCVSS 7.5EG 7.52023-08-13
Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.
- CVE-2023-39669HIGHCVSS 7.5EG 7.52023-08-18
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.
- CVE-2023-40032MEDIUMCVSS 5.5EG 5.52023-09-11
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade t…
- CVE-2023-40308HIGHCVSS 7.5EG 7.52023-09-12
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There …
- CVE-2023-40360MEDIUMCVSS 5.5EG 5.52023-08-14
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
- CVE-2023-40459HIGHCVSS 7.5EG 7.52023-12-04
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other …
- CVE-2023-40546MEDIUMCVSS 6.2EG 6.22024-01-29
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doe…
- CVE-2023-41234MEDIUMCVSS 5.0EG 5.02024-05-16
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2023-41274MEDIUMCVSS 5.5EG 5.52024-02-02
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.…
- CVE-2023-41358HIGHCVSS 7.5EG 7.52023-08-29
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
- CVE-2023-41633MEDIUMCVSS 5.5EG 5.52023-09-01
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.
- CVE-2023-41909HIGHCVSS 7.5EG 7.52023-09-05
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
- CVE-2023-42754MEDIUMCVSS 5.5EG 5.52023-10-05
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs.…
- CVE-2023-42785MEDIUMCVSS 6.5EG 6.52025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
- CVE-2023-42786MEDIUMCVSS 6.5EG 6.52025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
- CVE-2023-43279MEDIUMCVSS 6.5EG 6.52024-03-12
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
- CVE-2023-43522HIGHCVSS 7.5EG 7.52024-02-06
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
- CVE-2023-43541HIGHCVSS 8.4EG 8.42024-03-04
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
- CVE-2023-4385MEDIUMCVSS 5.5EG 5.52023-08-16
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.
- CVE-2023-43898MEDIUMCVSS 5.5EG 5.52023-10-03
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
- CVE-2023-44341MEDIUMCVSS 5.5EG 5.52024-02-29
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in …
- CVE-2023-44347MEDIUMCVSS 5.5EG 5.52024-02-29
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in …
- CVE-2023-4459MEDIUMCVSS 5.5EG 6.52023-08-21
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause …
- CVE-2023-45667MEDIUMCVSS 5.3EG 5.32023-10-21
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the f…
- CVE-2023-45680MEDIUMCVSS 5.3EG 5.32023-10-21
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but…
- CVE-2023-45913MEDIUMCVSS 6.2EG 6.22024-03-27
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the applic…
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →