CWE-476βNULL Pointer Dereference
PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-476
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Stable
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2025-12-11
Weakness Name
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Common Consequences
- Scope:
- Availability
- Impact:
- DoS: Crash, Exit, or Restart
- Notes:
- NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
- Scope:
- Integrity, Confidentiality
- Impact:
- Execute Unauthorized Code or Commands, Read Memory, Modify Memory
- Notes:
- In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.