Unchecked Return Value to NULL Pointer Dereference
ID: 690 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: compound element | Status: DRAFT |
Abstraction Type: Base |
Description
The product does not check for an error after calling a
function that can return with a NULL pointer if the function fails, which leads
to a resultant NULL pointer dereference.
Applicable Platforms
Language: C
Language: C++
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Availability | DoS: crash / exit / restart | |
Detection Methods
Name | Description | Effectiveness | Notes |
---|---|---|---|
Black Box | This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing. | | |
White Box | Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used. | | |
Potential Mitigations
None
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-690 ChildOf CWE-876 | Category | CWE-868 | |
Demonstrative Examples (Details)
- The code below makes a call to the getUserName() function but
doesn't check the return value before dereferencing (which may cause a
NullPointerException).
- This example takes an IP address from a user, verifies that it is
well formed and then looks up the hostname and copies it into a
buffer. (Demonstrative Example Id DX-1)
Observed Examples
- CVE-2008-1052 : Large Content-Length value leads to NULL pointer dereference when malloc fails.
- CVE-2006-6227 : Large message length field leads to NULL pointer dereference when malloc fails.
- CVE-2006-2555 : Parsing routine encounters NULL dereference when input is missing a colon separator.
- CVE-2003-1054 : URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
- CVE-2008-5183 : chain: unchecked return value can lead to NULL dereference
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
CERT Java Secure Coding | ERR08-J | Do not catch NullPointerException or any of its ancestors | |
CERT C++ Secure Coding | MEM32-CPP | Detect and handle memory allocation errors | |
References: None