CWE-476β€”NULL Pointer Dereference

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2025-12-11
CWE-476 - NULL Pointer Dereference - Diagram

Metadata

CWE ID:
CWE-476
Abstraction:
Base
Structure:
Simple
Status:
Stable
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

NULL Pointer Dereference

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Common Consequences

Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart
Notes:
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Scope:
Integrity, Confidentiality
Impact:
Execute Unauthorized Code or Commands, Read Memory, Modify Memory
Notes:
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Related Weaknesses