Compound weakness

Chain

Draft

CWE-690: Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Compound

Abstraction

MITRE classification

Overview

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.

CWE-690: Unchecked Return Value to NULL Pointer Dereference

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Black Box

White Box

Automated Dynamic Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-690?

What CVEs are caused by CWE-690?

How is CWE-690 detected?

What are the consequences of CWE-690?

Is CWE-690 actively exploited?

References

Stay ahead of CWE-690

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Black Box

White Box

Automated Dynamic Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-690?

What CVEs are caused by CWE-690?

How is CWE-690 detected?

What are the consequences of CWE-690?

Is CWE-690 actively exploited?

References

Stay ahead of CWE-690