CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Status
stable
Abstraction
base
Likelihood
medium
Affected Platforms
C
C#
C++
Go
Java
Technical Details
Common Consequences
availability
integrity
confidentiality
Impacts
dos: crash, exit, or restart
execute unauthorized code or commands
read memory
modify memory
Detection Methods
automated dynamic analysis
manual dynamic analysis
automated static analysis
Potential Mitigations
Phases:
implementation
requirements
architecture and design
Descriptions:
• Select a programming language that is not susceptible to these issues.
• Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
• For any pointer that could have been modified, or that was returned by a function that can return NULL, check the pointer for NULL before use. In a multithreaded or otherwise asynchronous environment, use proper locking APIs: acquire the lock before the check and hold it across the use, releasing it only when the access is finished, so that another thread cannot clear the pointer between the check and the dereference [REF-1484].
• Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
• Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
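The following C program is an added example, not part of the CWE entry, that puts the mitigations above side by side with the defect they address. value_unchecked() dereferences two results that can legitimately be NULL (strchr() on a line with no '=' and malloc() on allocation failure); value_checked() tests each one and returns an error code instead. current_length() shows the multithreaded case: the NULL check and the dereference of a shared pointer happen under the same mutex, so a concurrent set_current(NULL) cannot slip in between them. All function names, the "key=value" format and the sample lines are constructed for this example.

```c
/* Added example for CWE-476: unchecked NULL returns beside the checked
 * form, plus a check-then-use on a shared pointer held under one lock.
 * Function names, the "key=value" format and the inputs are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pthread.h>

/* Defective form: strchr() returns NULL when '=' is absent and malloc()
 * returns NULL on allocation failure; both results are used blindly.
 * Kept only to show the bug; never call it on untrusted input. */
char *value_unchecked(const char *line)
{
    const char *eq = strchr(line, '=');      /* may be NULL */
    size_t len = strlen(eq + 1);             /* NULL + 1 is dereferenced here */
    char *out = malloc(len + 1);             /* may be NULL */
    memcpy(out, eq + 1, len + 1);            /* writes through a NULL pointer */
    return out;
}

/* Checked form: every call that can yield NULL is tested before its result
 * is used. Returns 0 on success, -1 for a missing or malformed line, -2 when
 * allocation fails; *out is set to NULL on every failure path. */
int value_checked(const char *line, char **out)
{
    *out = NULL;
    if (line == NULL)
        return -1;
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return -1;                           /* no separator: reject, do not dereference */
    size_t len = strlen(eq + 1);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return -2;                           /* allocation failed: report, do not write */
    memcpy(buf, eq + 1, len + 1);
    *out = buf;
    return 0;
}

/* A pointer shared between threads. The NULL check and the use must sit
 * under the same lock: checking, unlocking and then dereferencing would let
 * a concurrent set_current(NULL) turn a passed check into a crash. */
static pthread_mutex_t cur_lock = PTHREAD_MUTEX_INITIALIZER;
static char *current = NULL;

/* Takes ownership of v (heap string or NULL) and frees the previous value. */
void set_current(char *v)
{
    pthread_mutex_lock(&cur_lock);
    free(current);
    current = v;
    pthread_mutex_unlock(&cur_lock);
}

/* Stores strlen(current) in *len_out and returns 0, or returns -1 when no
 * value is set. The lock is held from the check through the dereference. */
int current_length(size_t *len_out)
{
    int rc = -1;
    pthread_mutex_lock(&cur_lock);
    if (current != NULL) {
        *len_out = strlen(current);
        rc = 0;
    }
    pthread_mutex_unlock(&cur_lock);
    return rc;
}

int main(void)
{
    /* Constructed inputs: one valid line, one without '=', one NULL. */
    const char *lines[] = { "user=alice", "malformed", NULL };
    char *v = NULL;
    for (size_t i = 0; i < 3; i++) {
        int rc = value_checked(lines[i], &v);
        if (rc == 0) {
            printf("value: %s\n", v);
            free(v);
        } else {
            printf("rejected (%d)\n", rc);
        }
    }

    size_t n = 0;
    printf("no current value: rc=%d\n", current_length(&n));
    if (value_checked("name=alice", &v) == 0) {
        set_current(v);                      /* ownership moves to the shared slot */
        if (current_length(&n) == 0)
            printf("current length: %zu\n", n);
    }
    set_current(NULL);                       /* frees "alice", clears the slot */
    printf("after clear: rc=%d\n", current_length(&n));
    return 0;
}
```

The two functions differ only in the checks, which is the point: the fix is not a different algorithm but an explicit decision about what the caller sees when a callee reports failure by returning NULL. Making that an error code rather than a crash is what turns CWE-476 from a denial-of-service (or worse, on platforms where page zero is mappable) into ordinary error handling.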