Skip to main content

Null Pointer Dereference

memory MEDIUM

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0).

How It Works

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0). In normal operation, pointers should reference valid memory locations before use. When a pointer is NULL—either uninitialized, explicitly set to NULL, or returned as NULL from a failed allocation—and the program tries to read from, write to, or execute code at that address, the operating system intervenes. On modern systems, accessing address zero triggers a segmentation fault that immediately terminates the process.

Attackers exploit this by manipulating program logic to force null pointer conditions. Common techniques include triggering allocation failures in low-memory conditions, providing malformed input that bypasses initialization checks, or exploiting race conditions where a pointer is checked for NULL but becomes NULL before use. The attacker identifies code paths where null checks are missing or inadequate, then crafts inputs to reach those vulnerable states.

On legacy systems without memory protection, attackers could map their own code at address zero, converting a crash into arbitrary code execution. Modern operating systems prevent this through mmap_min_addr restrictions that prohibit mapping memory below a threshold (typically 64KB). This mitigation has largely relegated null pointer dereferences to denial-of-service attacks rather than remote code execution vectors.

Impact

  • Service disruption: Immediate process crash, taking down the vulnerable application or daemon
  • Availability attacks: Repeated crashes forcing system restarts or service downtime
  • Limited code execution: On unpatched legacy systems (pre-2009 Linux kernels, older embedded devices) where address zero mapping is possible
  • Privilege escalation: In kernel-mode drivers where null dereferences can be exploited to execute attacker code with system privileges

Real-World Examples

The Linux kernel suffered from CVE-2009-2908, where null pointer dereferences in various subsystems could be exploited on systems allowing mmap at address zero. Attackers could map malicious code at NULL and trigger kernel null dereferences to achieve privilege escalation. This prompted the introduction of mmap_min_addr protections.

Microsoft Windows drivers have been frequent targets, including CVE-2020-17087 in the Windows kernel cryptography driver. Attackers triggered null pointer dereferences in kernel mode, which on older Windows versions could be exploited for local privilege escalation by controlling the null page.

Web browsers have experienced denial-of-service through null dereferences when parsing malformed content. Firefox CVE-2019-11707 involved a null pointer dereference in the IonMonkey JIT compiler, allowing attackers to crash the browser with specially crafted JavaScript, though not achieve code execution due to modern protections.

Mitigation

  • Explicit null checks: Validate all pointers before dereferencing, especially after allocation or function calls that may return NULL
  • Static analysis tools: Deploy analyzers like Coverity, Clang Static Analyzer, or PVS-Studio to detect missing null checks during development
  • Address space layout: Enable mmap_min_addr kernel protection (standard on modern Linux, typically 65536 bytes)
  • Fuzzing: Use AFL, libFuzzer, or similar tools to stress-test error handling paths and allocation failures
  • Safe coding practices: Initialize pointers to NULL, use smart pointers in C++, adopt languages with built-in null safety
  • Runtime bounds checking: Enable AddressSanitizer during testing to catch null dereferences immediately

Recent CVEs (4134)

EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stormshield Network Security
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Lsquic
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Pdf Editor +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Access Policy Manager +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

GPAC 2.1-DEV-rev87-g053aae8-master. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Pesign
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Chafa +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in in bwm-ng v0.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Bwm Ng
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nginx Null Pointer Dereference +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl +19
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

A null pointer dereference was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Apple +6
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff +3
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Pdf Editor +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Radare2 +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in Homebrew mruby prior to 3.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libsixel
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

mruby is vulnerable to NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 82% CVSS 8.2
HIGH PATCH This Week

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Apache Denial Of Service +12
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bounter
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Numpy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

mruby is vulnerable to NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Denial of Service Attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Huawei Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Huawei Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark +2
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark +1
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Go Ethereum
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Fabric
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zoom On Premise Meeting Connector Controller +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Microsoft Denial Of Service +2
NVD
Prev Page 32 of 46 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
4134

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy