Skip to main content

Null Pointer Dereference

memory MEDIUM

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0).

How It Works

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0). In normal operation, pointers should reference valid memory locations before use. When a pointer is NULL—either uninitialized, explicitly set to NULL, or returned as NULL from a failed allocation—and the program tries to read from, write to, or execute code at that address, the operating system intervenes. On modern systems, accessing address zero triggers a segmentation fault that immediately terminates the process.

Attackers exploit this by manipulating program logic to force null pointer conditions. Common techniques include triggering allocation failures in low-memory conditions, providing malformed input that bypasses initialization checks, or exploiting race conditions where a pointer is checked for NULL but becomes NULL before use. The attacker identifies code paths where null checks are missing or inadequate, then crafts inputs to reach those vulnerable states.

On legacy systems without memory protection, attackers could map their own code at address zero, converting a crash into arbitrary code execution. Modern operating systems prevent this through mmap_min_addr restrictions that prohibit mapping memory below a threshold (typically 64KB). This mitigation has largely relegated null pointer dereferences to denial-of-service attacks rather than remote code execution vectors.

Impact

  • Service disruption: Immediate process crash, taking down the vulnerable application or daemon
  • Availability attacks: Repeated crashes forcing system restarts or service downtime
  • Limited code execution: On unpatched legacy systems (pre-2009 Linux kernels, older embedded devices) where address zero mapping is possible
  • Privilege escalation: In kernel-mode drivers where null dereferences can be exploited to execute attacker code with system privileges

Real-World Examples

The Linux kernel suffered from CVE-2009-2908, where null pointer dereferences in various subsystems could be exploited on systems allowing mmap at address zero. Attackers could map malicious code at NULL and trigger kernel null dereferences to achieve privilege escalation. This prompted the introduction of mmap_min_addr protections.

Microsoft Windows drivers have been frequent targets, including CVE-2020-17087 in the Windows kernel cryptography driver. Attackers triggered null pointer dereferences in kernel mode, which on older Windows versions could be exploited for local privilege escalation by controlling the null page.

Web browsers have experienced denial-of-service through null dereferences when parsing malformed content. Firefox CVE-2019-11707 involved a null pointer dereference in the IonMonkey JIT compiler, allowing attackers to crash the browser with specially crafted JavaScript, though not achieve code execution due to modern protections.

Mitigation

  • Explicit null checks: Validate all pointers before dereferencing, especially after allocation or function calls that may return NULL
  • Static analysis tools: Deploy analyzers like Coverity, Clang Static Analyzer, or PVS-Studio to detect missing null checks during development
  • Address space layout: Enable mmap_min_addr kernel protection (standard on modern Linux, typically 65536 bytes)
  • Fuzzing: Use AFL, libFuzzer, or similar tools to stress-test error handling paths and allocation failures
  • Safe coding practices: Initialize pointers to NULL, use smart pointers in C++, adopt languages with built-in null safety
  • Runtime bounds checking: Enable AddressSanitizer during testing to catch null dereferences immediately

Recent CVEs (4134)

EPSS 0% CVSS 2.0
LOW PATCH Monitor

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Parasolid +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Yasm
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Advisor Network
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

The session restore helper crashed whenever there was no parameter sent to the message handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A NULL pointer dereference vulnerability was found in netlink_dump. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Null Pointer Dereference +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Docuprint M265 Z Firmware +215
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Windows Peer Name Resolution Protocol Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +12
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

HTTP.sys Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Windows 10 1809 +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of incomplete input parameter verification in the communication framework module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +2
NVD
EPSS 8% CVSS 6.5
MEDIUM POC This Month

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A null pointer dereference issue was found in Libtiff's tif_dir.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +9
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 6.1-rc8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service RCE Null Pointer Dereference +11
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Jt2Go +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iniparser
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap +10
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Escan Anti Virus
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Flexihub
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Usb For Remote Desktop
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Hermes
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Opencv
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim +1
NVD GitHub VulDB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +13
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Contiki Ng
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Nanomq
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libxml2 +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mjs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libyang
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Siprotec 5 6Md85 Firmware +38
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libyang +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Apache +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Jiangmin Antivirus
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Jiangmin Antivirus
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source machine learning platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source machine learning platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Rated high severity (CVSS 7.0).

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +15
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +12
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ifcmesh Library
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference HashiCorp Consul
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +1
NVD GitHub
Prev Page 29 of 46 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
4134

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy