Skip to main content

Null Pointer Dereference

memory MEDIUM

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0).

How It Works

A null pointer dereference occurs when a program attempts to access memory through a pointer that has been set to NULL (address 0x0). In normal operation, pointers should reference valid memory locations before use. When a pointer is NULL—either uninitialized, explicitly set to NULL, or returned as NULL from a failed allocation—and the program tries to read from, write to, or execute code at that address, the operating system intervenes. On modern systems, accessing address zero triggers a segmentation fault that immediately terminates the process.

Attackers exploit this by manipulating program logic to force null pointer conditions. Common techniques include triggering allocation failures in low-memory conditions, providing malformed input that bypasses initialization checks, or exploiting race conditions where a pointer is checked for NULL but becomes NULL before use. The attacker identifies code paths where null checks are missing or inadequate, then crafts inputs to reach those vulnerable states.

On legacy systems without memory protection, attackers could map their own code at address zero, converting a crash into arbitrary code execution. Modern operating systems prevent this through mmap_min_addr restrictions that prohibit mapping memory below a threshold (typically 64KB). This mitigation has largely relegated null pointer dereferences to denial-of-service attacks rather than remote code execution vectors.

Impact

  • Service disruption: Immediate process crash, taking down the vulnerable application or daemon
  • Availability attacks: Repeated crashes forcing system restarts or service downtime
  • Limited code execution: On unpatched legacy systems (pre-2009 Linux kernels, older embedded devices) where address zero mapping is possible
  • Privilege escalation: In kernel-mode drivers where null dereferences can be exploited to execute attacker code with system privileges

Real-World Examples

The Linux kernel suffered from CVE-2009-2908, where null pointer dereferences in various subsystems could be exploited on systems allowing mmap at address zero. Attackers could map malicious code at NULL and trigger kernel null dereferences to achieve privilege escalation. This prompted the introduction of mmap_min_addr protections.

Microsoft Windows drivers have been frequent targets, including CVE-2020-17087 in the Windows kernel cryptography driver. Attackers triggered null pointer dereferences in kernel mode, which on older Windows versions could be exploited for local privilege escalation by controlling the null page.

Web browsers have experienced denial-of-service through null dereferences when parsing malformed content. Firefox CVE-2019-11707 involved a null pointer dereference in the IonMonkey JIT compiler, allowing attackers to crash the browser with specially crafted JavaScript, though not achieve code execution due to modern protections.

Mitigation

  • Explicit null checks: Validate all pointers before dereferencing, especially after allocation or function calls that may return NULL
  • Static analysis tools: Deploy analyzers like Coverity, Clang Static Analyzer, or PVS-Studio to detect missing null checks during development
  • Address space layout: Enable mmap_min_addr kernel protection (standard on modern Linux, typically 65536 bytes)
  • Fuzzing: Use AFL, libFuzzer, or similar tools to stress-test error handling paths and allocation failures
  • Safe coding practices: Initialize pointers to NULL, use smart pointers in C++, adopt languages with built-in null safety
  • Runtime bounds checking: Enable AddressSanitizer during testing to catch null dereferences immediately

Recent CVEs (4134)

EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6.

Linux Null Pointer Dereference Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std but doesn't check if the allocation failed.

Linux Debian Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. [CVSS 7.5 HIGH]

Apache Null Pointer Dereference Nimble
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.

Null Pointer Dereference Harfbuzz Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file. [CVSS 7.5 HIGH]

Null Pointer Dereference Fluidsynth Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A null pointer dereference in TOTOLINK WA1200 5.9c.2914's HTTP request handler (cstecgi.cgi) allows remote unauthenticated attackers to trigger a denial of service condition. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. A patch is not currently available, leaving affected devices vulnerable until an update is released.

Null Pointer Dereference Wa1200 Poe Wa1200 Poe Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

iccDEV versions prior to 2.3.1.2 contain a null pointer dereference vulnerability in ICC color profile processing that causes denial of service when malicious or malformed profiles are processed. Public exploit code exists for this vulnerability, and no patched version is currently available. Users of the iccDEV library who handle untrusted color profiles are at risk of application crashes.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the CIccProfileXml::ParseBasic() function, which can be triggered by local users with minimal privileges through user interaction. Public exploit code exists for this vulnerability, allowing attackers to crash the application and disrupt ICC color profile processing. A patch is available in version 2.3.1.2 and should be applied to affected systems.

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

iccDEV versions before 2.3.1.2 are vulnerable to a null pointer dereference in the CIccTagSparseMatrixArray function when processing ICC color profiles, allowing local attackers with user interaction to cause denial of service or data corruption. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later to remediate the issue.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are vulnerable to denial of service through a null pointer dereference in the XML tag parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the XML parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2 and later.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the XML calculator parser that allows local attackers to crash the application and cause a denial of service. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 and later.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions before 2.3.1.2 crash when processing specially crafted ICC color profile tags due to improper null pointer validation, causing denial of service on systems using the library. Local attackers with user interaction can trigger this crash through a malicious color profile file. Public exploit code exists for this vulnerability.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the signature parser that allows local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, and the issue affects all users of iccDEV's ICC color profile manipulation libraries and tools. A patch is available in version 2.3.1.2 and should be applied immediately.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. [CVSS 6.5 MEDIUM]

TP-Link Null Pointer Dereference Archer Be400 Firmware
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Local denial of service in iccDEV versions prior to 2.3.1.2 allows an unauthenticated user with local access to crash applications processing ICC color profiles through a null pointer dereference. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later, as no workarounds are available.

Null Pointer Dereference Iccdev
NVD GitHub
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device.

Linux Null Pointer Dereference Linux Kernel
NVD
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging.

Linux Null Pointer Dereference Linux Kernel
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]

Apache Null Pointer Dereference Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Null Pointer Dereference Python Denial Of Service +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing the parent's refcount, without actually setting the `devlink_rate->parent` pointer to NULL. This leaves a dangling pointer in the `devlink_rate` struct, which cause refcount error in netdevsim[1] and mlx5[2]. In addition, this is inconsistent with the behavior of `devlink_nl_rate_parent_node_set`, where the parent pointer is correctly cleared. This patch fixes the issue by explicitly setting `devlink_rate->parent` to NULL after notifying the driver, thus fulfilling the function's documented behavior for all rate objects. [1] repro steps: echo 1 > /sys/bus/netdevsim/new_device devlink dev eswitch set netdevsim/netdevsim1 mode switchdev echo 1 > /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs devlink port function rate add netdevsim/netdevsim1/test_node devlink port function rate set netdevsim/netdevsim1/128 parent test_node echo 1 > /sys/bus/netdevsim/del_device dmesg: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0 CPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x42/0xe0 Call Trace: <TASK> devl_rate_leaf_destroy+0x8d/0x90 __nsim_dev_port_del+0x6c/0x70 [netdevsim] nsim_dev_reload_destroy+0x11c/0x140 [netdevsim] nsim_drv_remove+0x2b/0xb0 [netdevsim] device_release_driver_internal+0x194/0x1f0 bus_remove_device+0xc6/0x130 device_del+0x159/0x3c0 device_unregister+0x1a/0x60 del_device_store+0x111/0x170 [netdevsim] kernfs_fop_write_iter+0x12e/0x1e0 vfs_write+0x215/0x3d0 ksys_write+0x5f/0xd0 do_syscall_64+0x55/0x10f0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [2] devlink dev eswitch set pci/0000:08:00.0 mode switchdev devlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000 devlink port function rate add pci/0000:08:00.0/group1 devlink port function rate set pci/0000:08:00.0/32768 parent group1 modprobe -r mlx5_ib mlx5_fwctl mlx5_core dmesg: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0 CPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x42/0xe0 Call Trace: <TASK> devl_rate_leaf_destroy+0x8d/0x90 mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core] mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core] mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core] mlx5_sf_esw_event+0xc4/0x120 [mlx5_core] notifier_call_chain+0x33/0xa0 blocking_notifier_call_chain+0x3b/0x50 mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core] mlx5_eswitch_disable+0x63/0x90 [mlx5_core] mlx5_unload+0x1d/0x170 [mlx5_core] mlx5_uninit_one+0xa2/0x130 [mlx5_core] remove_one+0x78/0xd0 [mlx5_core] pci_device_remove+0x39/0xa0 device_release_driver_internal+0x194/0x1f0 unbind_store+0x99/0xa0 kernfs_fop_write_iter+0x12e/0x1e0 vfs_write+0x215/0x3d0 ksys_write+0x5f/0xd0 do_syscall_64+0x53/0x1f0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Null Pointer Dereference Linux Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Null Pointer Dereference Samsung Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701.

Denial Of Service Null Pointer Dereference Nr15
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.

Denial Of Service Null Pointer Dereference Nr15
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.

Denial Of Service Null Pointer Dereference Nr15
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

Microsoft Denial Of Service Null Pointer Dereference +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.

Denial Of Service Null Pointer Dereference Ubuntu +3
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Suricata +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Nvidia +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH Monitor

Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mongoose
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple +2
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out. Rated low severity (CVSS 1.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Radare2 +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Radare2 +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iec104
NVD GitHub
EPSS 0%
Monitor

Linux kernel block I/O throttling subsystem crashes with a NULL pointer dereference when I/O operations are submitted during early initialization before throttle policy is fully activated, causing denial of service on affected systems. The vulnerability affects the block layer's throttle policy initialization sequence and is triggered sporadically on cold boots when blk_should_throtl() accesses uninitialized throttle group state. With an EPSS score of 0.03% (10th percentile) and no public exploit identified, this is a low-probability but high-impact local crash condition requiring a kernel patch to fully resolve.

Linux Linux Kernel Null Pointer Dereference +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft +3
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Month

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libmicrohttpd +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub
EPSS 0% CVSS 0.6
LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 0.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
EPSS 0% CVSS 1.3
LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
EPSS 0% CVSS 1.3
LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several product versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Google Apple +8
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr&#39;ouvert Lasso 2.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Lasso +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +7
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's AMD display driver (drm/amd/display) within the dm_resume() function, where the aconnector->dc_link pointer is dereferenced without proper null checks. An unprivileged local attacker with user-level access can trigger a kernel panic and cause a denial of service by inducing a display resume operation. While the CVSS score is moderate (5.5) and EPSS exploitation probability is very low (0.01%), this vulnerability is straightforward to trigger given local access and affects all Linux kernel versions with the vulnerable AMD display driver code.

Linux Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's WiFi mac80211 MLME (MAC Layer Management Entity) implementation that crashes the kernel during WiFi association tracing when an AP connection without link 0 fails. The vulnerability affects all Linux kernel versions with the vulnerable code path in the mac80211 wireless driver subsystem, allowing a local authenticated attacker to trigger a denial of service condition. The EPSS score of 0.01% indicates this is rarely exploited in practice, though patches are publicly available from kernel.org.

Linux Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's block layer (blk-mq) memory allocation path that can be triggered by a local, low-privileged user to cause a denial of service. The vulnerability affects Linux kernel versions including 6.1-rc1 and potentially other versions where a failed memory allocation during block queue tag initialization leaves a dangling pointer that is later dereferenced during cleanup. While the EPSS score is low (0.02%, percentile 4%), the vulnerability is straightforward to trigger under memory pressure conditions, requires only local access with minimal privileges, and has vendor patches available.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's AMD GPU (amdgpu) driver in the amdgpu_bo_validate_size() function. When validating buffer object sizes for non-exclusive memory domains, the function fails to verify that the TTM (Translation Table Maps) domain manager exists before dereferencing it, leading to a kernel oops and denial of service. Local attackers with unprivileged user privileges can trigger this vulnerability to crash the system. While patches are available from the vendor, the EPSS score of 0.01% and very low exploitation probability suggest this is a low-priority issue in practice despite the denial-of-service impact.

Linux Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's MediaTek IOMMU driver where the platform_get_resource() function may return a NULL pointer without proper validation, leading to a crash when resource_size() attempts to dereference it. This affects all versions of the Linux kernel with the vulnerable MediaTek IOMMU code. A local attacker with low privileges can trigger a denial of service by causing a kernel panic, though the vulnerability is unlikely to be actively exploited in the wild given the low EPSS score of 0.01%.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's Coda media driver due to missing validation of kmalloc return values. An unprivileged local attacker can trigger a denial of service condition by causing the kernel to dereference a null pointer, resulting in a system crash or hang. The vulnerability affects multiple Linux kernel versions across stable branches, though exploitation likelihood is low (EPSS 0.01%) and patches are readily available from vendors.

Linux Null Pointer Dereference Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Simplify platform device handling Coretemp's platform driver is unconventional.

Denial Of Service Null Pointer Dereference Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced.

Denial Of Service Null Pointer Dereference Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in...

Denial Of Service Null Pointer Dereference Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer dereference crashes occurred.

Denial Of Service Null Pointer Dereference Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated...

Buffer Overflow Denial Of Service Null Pointer Dereference +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: null_blk: Always check queue mode setting from configfs Make sure to check device queue mode in the null_validate_conf() and return error for NULL_Q_RQ as we don't allow legacy...

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem(): general protection fault,...

Denial Of Service Null Pointer Dereference Linux +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check for probe() id argument being NULL The probe() id argument may be NULL in 2 scenarios: 1. brcmf_pcie_pm_leave_D3() calling brcmf_pcie_probe() to reprobe ...

Denial Of Service Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_resume Consider a case where gserial_disconnect has already cleared gser->ioport.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in push_node_left There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic which has the following...

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference.

Denial Of Service Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drbd: only clone bio if we have a backing device Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a bio_set_dev call (which has since been removed) to "earlier",...

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2_nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(add_range) invoked, if platform_get_resource() returns NULL.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcoda_iram_alloc As the coda_iram_alloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ib_port" is valid when access sysfs node The "ib_port" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x96000006 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5 [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000 Internal error: Oops: 96000006 [#2] PREEMPT SMP Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci] Process grep (pid: 3372, stack limit = 0x0000000022055c92) CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022 pstate: 40000005 (nZcv daif -PAN -UAO) pc : hw_stat_port_show+0x4c/0x80 [ib_core] lr : port_attr_show+0x40/0x58 [ib_core] sp : ffff000029f43b50 x29: ffff000029f43b50 x28: 0000000019375000 x27: ffff8007b821a540 x26: ffff000029f43e30 x25: 0000000000008000 x24: ffff000000eaa958 x23: 0000000000001000 x22: ffff8007a4ce3000 x21: ffff8007baff8000 x20: ffff8007b9066ac0 x19: ffff8007bae97578 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffff8007a4ce4000 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffff000000e6a280 x4 : ffff8007a4ce3000 x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab x1 : ffff8007b9066a10 x0 : ffff8007baff8000 Call trace: hw_stat_port_show+0x4c/0x80 [ib_core] port_attr_show+0x40/0x58 [ib_core] sysfs_kf_seq_show+0x8c/0x150 kernfs_seq_show+0x44/0x50 seq_read+0x1b4/0x45c kernfs_fop_read+0x148/0x1d8 __vfs_read+0x58/0x180 vfs_read+0x94/0x154 ksys_read+0x68/0xd8 __arm64_sys_read+0x28/0x34 el0_svc_common+0x88/0x18c el0_svc_handler+0x78/0x94 el0_svc+0x8/0xe8 Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)

Denial Of Service Null Pointer Dereference Linux +3
NVD
Prev Page 8 of 46 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
4134

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy