logo

CWE-476 - NULL Pointer Dereference

CWE-476 Medium

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Stable
Weakness Name

NULL Pointer Dereference

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Common Consequences

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.

Scope: Integrity, Confidentiality

Impact: Execute Unauthorized Code or Commands, Read Memory, Modify Memory

Notes: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website