CWE-476

MITRE Rank: #12

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

88%-Pip
5%-Go
3%-Rust
2%-Others

Short description

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Extended description

NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Best practices to prevent this CWE

Phase: Implementation

If all pointers that could have been modified are sanity-checked previous to use, nearly all NULL pointer dereferences can be prevented.

Phase: Requirements

The choice could be made to use a language that is not susceptible to these issues.

Phase: Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Effectiveness: Moderate

Phase: Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Phase: Implementation

Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.

Phase: Testing

Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.

Recently published CVEs

CVE-2024-6063
CVE-2024-6062
CVE-2024-37890
CVE-2024-0086
CVE-2024-30285

Recently published GHSA

GHSA-q445-7m23-qrmw
GHSA-3h5v-q93c-6h6q
GHSA-vjhf-6xfr-5p9g
GHSA-pvcr-v8j8-j5q3
GHSA-qppw-c37g-xwcc

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo