CWE-690 - Unchecked Return Value to NULL Pointer Dereference
CWE-690
- Abstraction: Compound
- Structure: Chain
- Status: Draft
- Weakness Name: Unchecked Return Value to NULL Pointer Dereference
- Description
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
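The chain described above, as an added C example that is not part of the CWE entry: `strchr()` and `malloc()` both return NULL on failure; the first function uses their results unchecked, the second checks each one before use. The function names and the sample lines are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Before (hypothetical): neither NULL-returning call is checked. */
char *dup_value_unchecked(const char *line)
{
    const char *eq = strchr(line, '=');       /* NULL when '=' is missing */
    char *copy = malloc(strlen(eq + 1) + 1);  /* reads through NULL + 1 */
    strcpy(copy, eq + 1);                     /* writes through NULL if malloc failed */
    return copy;
}

/* After (hypothetical): each return value is tested before the pointer is used. */
char *dup_value_checked(const char *line)
{
    if (line == NULL)
        return NULL;
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return NULL;          /* malformed input: report it, do not dereference */
    size_t n = strlen(eq + 1);
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;          /* allocation failure is passed to the caller */
    memcpy(copy, eq + 1, n + 1);
    return copy;
}

int main(void)
{
    /* Constructed sample input: one valid line, one without '=', one empty value. */
    const char *samples[] = { "user=alice", "malformed-line", "empty=" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *v = dup_value_checked(samples[i]);
        if (v == NULL) {
            printf("%-16s -> rejected\n", samples[i]);
            continue;
        }
        printf("%-16s -> \"%s\"\n", samples[i], v);
        free(v);
    }
    return 0;
}
```

The caller of `dup_value_checked()` takes on the same obligation: its NULL return is the error signal and has to be tested before the result is used.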
- Common Consequences
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Scope: Integrity, Confidentiality, Availability
Impact: Execute Unauthorized Code or Commands, Read Memory, Modify Memory
Notes: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
- Related Weaknesses
- Release Date: 2008-04-11
- Latest Modification Date: 2023-06-29