CWE - CWE-690: Unchecked Return Value to NULL Pointer Dereference (Draft 9)

Home > CWE List > CWE-690 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-690 Individual Dictionary Definition (Draft 9)

Compound Element ID

Status: Draft

690 (Compound Element Base: Chain)

Description

Summary

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Extended Description

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.

Detection Factor

Black box: This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing. White box: Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used.

Observed Examples

Reference	Description
CVE-2008-1052	Large Content-Length value leads to NULL pointer dereference when malloc fails.
CVE-2006-6227	Large message length field leads to NULL pointer dereference when malloc fails.
CVE-2006-2555	Parsing routine encounters NULL dereference when input is missing a colon separator.
CVE-2003-1054	URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.

Context Notes

A typical occurrence of this weakness occurs when an application includes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL.

Relationships

Nature	Type	ID	Name
ChildOf	Weakness Class	20	Insufficient Input Validation
CanFollow	Weakness Base	476	NULL Pointer Dereference

Applicable Platforms

C++

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us