CWE-476NULL Pointer Dereference

Description

Common consequences· 2

• Availability — DoS: Crash, Exit, or Restart
  NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
• Integrity / Confidentiality — Execute Unauthorized Code or Commands, Read Memory, Modify Memory
  In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Potential mitigations· 5

• [Implementation]For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
• [Requirements]Select a programming language that is not susceptible to these issues.
• [Implementation]Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
• [Architecture and Design]Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
• [Implementation]Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

(incoming)15

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.