Null Pointer Dereference
What is Null Pointer Dereference?
Null Pointer Dereference: A bug in which a program reads or writes through a pointer whose value is null (or otherwise invalid), typically causing a crash and sometimes enabling exploitation.
Null pointer dereferences (CWE-476) occur when code dereferences a pointer that was never initialised, was set to NULL after free, or was returned by a function that failed silently. On most modern systems this causes a segmentation fault and the process dies, which becomes a denial-of-service issue. In some constrained environments — older kernels where address zero is mappable, embedded MMU-less systems, certain JIT compilers — null dereferences can be turned into memory-corruption primitives. Defences include strict null checking, language features (Optional/Maybe types, non-nullable references), static analysis, sanitizer-based testing, and operating-system controls such as mmap_min_addr that forbid mapping low addresses.
● Examples
- 01: A web server that crashes when an optional header is missing.
- 02: Historical Linux kernel null-deref bugs exploitable when mmap_min_addr was 0.
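The first example above, sketched in C as an added illustration (not code from the original page): a routine that dereferences the result of an optional-header lookup, next to a form that treats absence as a normal result. The `struct request` model, the function names and the sample headers are constructed for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Constructed request model: an array of name/value header pairs. */
struct header { const char *name; const char *value; };
struct request { const struct header *headers; size_t count; };

/* Constructed sample data: one request with the optional header, one without. */
static const struct header sample_headers[] = {
    { "Host", "example.test" },
    { "Referer", "https://example.test/a" },
};
const struct request req_with_referer = { sample_headers, 2 };
const struct request req_without_referer = { sample_headers, 1 };

/* Returns the header value, or NULL when the header is absent.
 * Exact-case match keeps the sketch short; HTTP names are case-insensitive. */
static const char *find_header(const struct request *req, const char *name)
{
    if (req == NULL || name == NULL)
        return NULL;
    for (size_t i = 0; i < req->count; i++)
        if (strcmp(req->headers[i].name, name) == 0)
            return req->headers[i].value;
    return NULL;
}

/* Unsafe (CWE-476): strlen() reads through the NULL that find_header()
 * returns for a request without Referer. Shown for contrast, never called. */
size_t referer_length_unsafe(const struct request *req)
{
    return strlen(find_header(req, "Referer"));
}

/* Hardened: a missing header is an ordinary result, reported as -1. */
long referer_length_checked(const struct request *req)
{
    const char *value = find_header(req, "Referer");
    if (value == NULL)
        return -1;
    return (long)strlen(value);
}

int main(void)
{
    printf("with Referer:    %ld\n", referer_length_checked(&req_with_referer));
    printf("without Referer: %ld\n", referer_length_checked(&req_without_referer));
    return 0;
}
```

Building with `-fsanitize=address,undefined` and calling `referer_length_unsafe(&req_without_referer)` in a test harness is one way to see the sanitizer-based testing mentioned above flag the fault.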
● Frequently asked questions
What is Null Pointer Dereference?
A bug in which a program reads or writes through a pointer whose value is null (or otherwise invalid), typically causing a crash and sometimes enabling exploitation. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against Null Pointer Dereference?
Defences for Null Pointer Dereference typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Null Pointer Dereference?
Common alternative names include: Null deref.