CVEbaza.plSłownik CWECWE-395
Common Weakness Enumeration

CWE-395

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Kategoria: BaseCVE: 19
Opis

Łapanie wyjątku NullPointerException nie powinno być używane jako alternatywa dla programistycznych kontroli zapobiegających dereferencji wskaźnika null. Zamiast tego należy stosować jawne sprawdzenia przed dostępem do potencjalnie nullowych referencji.

Description (EN)

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

Podatności CVE z CWE-395 (19)
9.8
CVSS
CRITICAL
CVE-2025-27466

Podatność CVE-2025-27466 dotyczy hiperwizora Xen i polega na wyłuskaniu wskaźnika NULL podczas aktualizacji obszaru referencyjnego TSC (Time Stamp Counter) w kodzie obsługi gości viridian. Błąd może zostać wywołany przez niepoprawnie działającą lub złośliwą maszynę wirtualną, co prowadzi do destabilizacji całego hosta.

pub. 2025-09-11
9.8
CVSS
CRITICAL
CVE-2025-58142

Podatność CVE-2025-58142 w hiperwizorze Xen polega na wyłuskaniu wskaźnika NULL w kodzie viridian podczas dostarczania wiadomości syntetycznego timera, gdy strona SIM nie jest zmapowana. Błąd o ocenie CVSS 9.8 może zostać wykorzystany przez gościa do destabilizacji systemu hosta.

pub. 2025-09-11
8.7
CVSS
HIGH
CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.

pub. 2026-01-12
7.5
CVSS
HIGH
CVE-2022-2832

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

pub. 2022-08-16
6.9
CVSS
MEDIUM
CVE-2023-23904

NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

pub. 2024-09-16
6.5
CVSS
MEDIUM
CVE-2024-27658

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

pub. 2024-02-29
6.5
CVSS
MEDIUM
CVE-2024-27659

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

pub. 2024-02-29
6.5
CVSS
MEDIUM
CVE-2024-27661

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

pub. 2024-02-29
6.5
CVSS
MEDIUM
CVE-2024-27662

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

pub. 2024-02-29
6.3
CVSS
MEDIUM
CVE-2022-29508

Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2023-05-10
6.1
CVSS
MEDIUM
CVE-2022-42879

NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.

pub. 2023-11-14
5.8
CVSS
MEDIUM
CVE-2024-36275

NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.

pub. 2024-11-13
5.6
CVSS
MEDIUM
CVE-2023-25071

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.

pub. 2023-11-14
4.4
CVSS
MEDIUM
CVE-2023-41082

Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.

pub. 2024-05-16
3.3
CVSS
LOW
CVE-2023-48727

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.

pub. 2024-05-16
2.8
CVSS
LOW
CVE-2022-42878

Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

pub. 2023-05-10
1.0
CVSS
LOW
CVE-2024-28030

NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.

pub. 2024-11-13
Informacje
ID: CWE-395
Typ: Base
Podatności: 19
MITRE CWE ↗
← Słownik CWE
CWE-395 — Użycie wyjątku NullPointerException do wykrywania dereferencji wskaźnika NULL | Słownik CWE | CVEbaza.pl