CWE-476 - NULL Pointer Dereference

  • 摘要:Base
  • 结构:Simple
  • 状态:Stable
  • 发布日期:2006-07-19
  • 更新日期:2025-12-11

名称

NULL Pointer Dereference

描述

The product dereferences a pointer that it expects to be valid but is NULL.

常见后果

范围:Availability

影响:DoS: Crash, Exit, or Restart

注释:NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.

范围:Integrity, Confidentiality

影响:Execute Unauthorized Code or Commands, Read Memory, Modify Memory

注释:In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

相关 CWE

CWE-710Improper Adherence to Coding Standards

CWE-754Improper Check for Unusual or Exceptional ConditionsMedium