Skip to main content

Null Pointer Dereference

memory MEDIUM

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0).

How It Works

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0). In normal operation, pointers should reference valid memory locations before use. When a pointer is NULL—either uninitialized, explicitly set to NULL, or returned as NULL from a failed allocation—and the program tries to read from, write to, or execute code at that address, the operating system intervenes. On modern systems, accessing address zero triggers a segmentation fault that immediately terminates the process.

Attackers exploit this by manipulating program logic to force null pointer conditions. Common techniques include triggering allocation failures in low-memory conditions, providing malformed input that bypasses initialization checks, or exploiting race conditions where a pointer is checked for NULL but becomes NULL before use. The attacker identifies code paths where null checks are missing or inadequate, then crafts inputs to reach those vulnerable states.

On legacy systems without memory protection, attackers could map their own code at address zero, converting a crash into arbitrary code execution. Modern operating systems prevent this through mmap_min_addr restrictions that prohibit mapping memory below a threshold (typically 64KB). This mitigation has largely relegated null pointer dereferences to denial-of-service attacks rather than remote code execution vectors.

Impact

  • Service disruption: Immediate process crash, taking down the vulnerable application or daemon
  • Availability attacks: Repeated crashes forcing system restarts or service downtime
  • Limited code execution: On unpatched legacy systems (pre-2009 Linux kernels, older embedded devices) where address zero mapping is possible
  • Privilege escalation: In kernel-mode drivers where null dereferences can be exploited to execute attacker code with system privileges

Real-World Examples

The Linux kernel suffered from CVE-2009-2908, where null pointer dereferences in various subsystems could be exploited on systems allowing mmap at address zero. Attackers could map malicious code at NULL and trigger kernel null dereferences to achieve privilege escalation. This prompted the introduction of mmap_min_addr protections.

Microsoft Windows drivers have been frequent targets, including CVE-2020-17087 in the Windows kernel cryptography driver. Attackers triggered null pointer dereferences in kernel mode, which on older Windows versions could be exploited for local privilege escalation by controlling the null page.

Web browsers have experienced denial-of-service through null dereferences when parsing malformed content. Firefox CVE-2019-11707 involved a null pointer dereference in the IonMonkey JIT compiler, allowing attackers to crash the browser with specially crafted JavaScript, though not achieve code execution due to modern protections.

Mitigation

  • Explicit null checks: Validate all pointers before dereferencing, especially after allocation or function calls that may return NULL
  • Static analysis tools: Deploy analyzers like Coverity, Clang Static Analyzer, or PVS-Studio to detect missing null checks during development
  • Address space layout: Enable mmap_min_addr kernel protection (standard on modern Linux, typically 65536 bytes)
  • Fuzzing: Use AFL, libFuzzer, or similar tools to stress-test error handling paths and allocation failures
  • Safe coding practices: Initialize pointers to NULL, use smart pointers in C++, adopt languages with built-in null safety
  • Runtime bounds checking: Enable AddressSanitizer during testing to catch null dereferences immediately

Recent CVEs (4134)

EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Parasolid
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Vba32
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service OpenSSL
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Malware Fighter
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Juniper +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH Monitor

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Jwx
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +13
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12),. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Jt2Go +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Month

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Wireshark
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +303
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aqt1000 Firmware +101
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Slurm
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Null Pointer Dereference +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

In multiple locations, there is a possible null dereference due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +222
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference +300
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Null Pointer Dereference +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Null Pointer Dereference +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. Rated medium severity (CVSS 4.7).

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Null Pointer Dereference +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ar8035 Firmware +114
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Squid
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux +3
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Demoiccmax
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 6.5.9. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Catdoc
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stb Vorbis C
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stb Image H
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Selenium
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Qnap +3
NVD
EPSS 69% CVSS 7.5
HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +4
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Microsoft AllJoyn API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +9
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Windows TCP/IP Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Windows TCP/IP Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +12
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Stb Image H
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +254
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Fedora +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Catdoc
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Libreswan 3.x and 4.x before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libreswan
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Sgxwallet
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Netwide Assembler
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference D-Link +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Qemu
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Input parameter verification vulnerability in the communication system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
Prev Page 28 of 46 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
4134

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy