CWE-690 - Unchecked Return Value to NULL Pointer Dereference
- Abstraction: Compound
- Structure: Chain
- Status: Draft
- Release Date: 2008-04-11
- Latest Modification Date: 2023-06-29
Weakness Name
Unchecked Return Value to NULL Pointer Dereference
Description
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
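The chain described above, sketched in C as an added example that is not part of the CWE entry: `strchr()` and `malloc()` both signal failure by returning NULL, and the checked function tests each result before using it. The function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak form (CWE-690), shown for contrast only: strchr() returns NULL
 * when '=' is absent and the result is used without a check. */
size_t value_len_unchecked(const char *pair)
{
    const char *eq = strchr(pair, '=');
    return strlen(eq + 1);            /* eq may be NULL here */
}

/* Checked form: returns 0 and stores a heap copy of the value in *out,
 * or returns -1 with *out set to NULL on any failure. */
int copy_value_checked(const char *pair, char **out)
{
    if (out == NULL)
        return -1;
    *out = NULL;
    if (pair == NULL)
        return -1;
    const char *eq = strchr(pair, '=');
    if (eq == NULL)                   /* no separator: report, do not dereference */
        return -1;
    size_t n = strlen(eq + 1);
    char *buf = malloc(n + 1);
    if (buf == NULL)                  /* malloc() also signals failure with NULL */
        return -1;
    memcpy(buf, eq + 1, n + 1);       /* copies the terminating NUL too */
    *out = buf;
    return 0;
}

int main(void)
{
    const char *samples[] = { "user=alice", "no-separator", "empty=" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *val = NULL;
        if (copy_value_checked(samples[i], &val) == 0)
            printf("%-14s -> \"%s\"\n", samples[i], val);
        else
            printf("%-14s -> rejected\n", samples[i]);
        free(val);
    }
    return 0;
}
```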
Common Consequences
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Scope: Integrity, Confidentiality, Availability
Impact: Execute Unauthorized Code or Commands, Read Memory, Modify Memory
Notes: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.