CWE-476 — NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Availability→DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the soft
Integrity,Confidentiality→Execute Unauthorized Code or Commands,Read Memory,Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Implementation
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Requirements
Select a programming language that is not susceptible to these issues.
Implementation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Architecture and Design
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

CWE-476NULL Pointer Dereference