CWE-690 - Unchecked Return Value to NULL Pointer Dereference
- 摘要:Compound
- 结构:Chain
- 状态:Draft
- 发布日期:2008-04-11
- 更新日期:2025-12-11
名称
Unchecked Return Value to NULL Pointer Dereference
描述
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
常见后果
范围:Availability
影响:DoS: Crash, Exit, or Restart
范围:Integrity, Confidentiality, Availability
影响:Execute Unauthorized Code or Commands, Read Memory, Modify Memory
注释:In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.