CWE-690: Unchecked Return Value to NULL Pointer Dereference
low-riskThe product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
Abstraction: Compound
Common Consequences
Availability
→
DoS: Crash, Exit, or Restart
Integrity
→
Execute Unauthorized Code or Commands
Detection Methods
Black Box
This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing.
White Box
Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used.
Automated Dynamic Analysis
Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2020-13582 | 7.5 | 4.9% | — |
| CVE-2022-20682 | 8.6 | 1.0% | — |
| CVE-2020-6095 | 7.5 | 0.5% | — |
| CVE-2022-22231 | 7.5 | 0.4% | — |
| CVE-2020-1648 | 7.5 | 0.4% | — |
| CVE-2022-41957 | 7.5 | 0.3% | — |
| CVE-2022-39381 | 7.5 | 0.2% | — |
| CVE-2024-31196 | 5.3 | 0.2% | — |
| CVE-2024-31185 | 5.3 | 0.2% | — |
| CVE-2024-31182 | 5.3 | 0.2% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal