NULL Pointer Dereference [CWE-476] — The Hacktivists

1. Description
………………………………

NULL pointer dereference errors are common in C/C++. A pointer is a data type that references a location in memory. Obtaining the value stored at that location through the pointer is called dereferencing it. A NULL pointer dereference occurs when the program dereferences a pointer whose value is NULL.

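// NULL Pointer Dereference [CWE-476] vulnerable code example
// (c) HTB Research
#include <stdio.h>
#include <tchar.h>   // _tmain and _TCHAR (Visual C++)

int *ptr = NULL;

int _tmain(int argc, _TCHAR* argv[])
{
    *ptr = 17;   // write through a NULL pointer: the dereference this example demonstrates
    return 0;
}
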
// NULL Pointer Dereference [CWE-476] vulnerable code example
// (c) HTB Research
#undef UNICODE
#include "StdAfx.h"
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdio.h>
#pragma comment (lib, "Ws2_32.lib")

int __cdecl main(int argc, char **argv)
{
    WSADATA wsaData;
    int iResult;
    INT iRetval;

    DWORD dwRetval;
    int i = 1;
    struct addrinfo *result = NULL;
    struct addrinfo *ptr = NULL;
    struct addrinfo hints;

    // Only argc < 2 is rejected here, yet argv[2] and argv[3] are used below.
    if (argc < 2) {
        printf("usage: %s <proto> <hostname> <servicename>\n", argv[0]);
        return 1;
    }

    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (iResult != 0) {
        printf("WSAStartup failed: %d\n", iResult);
        return 1;
    }

    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

    // With fewer than four arguments, argv[2] or argv[3] is NULL or lies past the end of argv.
    dwRetval = getaddrinfo(argv[2], argv[3], &hints, &result);

    if (dwRetval != 0) {
        printf("getaddrinfo failed with error: %d\n", dwRetval);
        WSACleanup();
        return 1;
    }
    printf("getaddrinfo returned success\n");
    return 0;
}
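
The second listing above rejects only argc < 2 yet reads argv[2] and argv[3]. An added example, not from the original page or HTB Research: the same lookup ported to POSIX sockets (an assumption, so it builds outside Visual Studio), with the argument check corrected and the result list walked only through non-NULL nodes. The function name count_addresses and the numeric-only ai_flags are assumptions of this example.

```c
/* Added example: hardened POSIX port of the second listing (not the page's code). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Returns the number of addresses resolved, or -1 on bad arguments or failure.
 * Layout follows the page's usage string:
 *   argv[1] = proto, argv[2] = hostname, argv[3] = servicename */
int count_addresses(int argc, char **argv)
{
    struct addrinfo hints, *result = NULL, *p;
    int rc, n = 0;

    /* Reject before indexing: argv[2] and argv[3] exist only when argc >= 4.
     * The NULL tests also cover callers that build argv by hand. */
    if (argv == NULL || argc < 4 || argv[2] == NULL || argv[3] == NULL) {
        fputs("usage: prog <proto> <hostname> <servicename>\n", stderr);
        return -1;
    }

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    /* Assumption of this example: numeric-only lookups, so no DNS is needed. */
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo(argv[2], argv[3], &hints, &result);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo failed: %s\n", gai_strerror(rc));
        return -1;               /* result is not valid here; never walk it */
    }
    for (p = result; p != NULL; p = p->ai_next)   /* stop at the NULL terminator */
        n++;
    freeaddrinfo(result);
    return n;
}

int main(int argc, char **argv)
{
    int n = count_addresses(argc, argv);
    if (n >= 0) printf("resolved %d address(es)\n", n);
    return n < 0;
}
```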

2. Potential impact
………………………………

In most cases, NULL pointer dereference errors crash the application; however, code execution is possible under certain circumstances.

3. Affected software
………………………………

Software written in C/C++, Assembly or any other language that uses pointers is potentially vulnerable to this type of weakness.

4. Severity and CVSS Scoring
……………………………………..

Since NULL pointer dereference errors mostly result in an application crash, they are usually scored with availability impact only.
