CWE · MITRE source
CWE-690: Unchecked Return Value to NULL Pointer Dereference
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
Last updated: 04 July 2026 08:17 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 2 mapping(s) from 1 framework(s): ATT&CK 2 (partial)
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2020-6095 | 5.5 | 7.5 | 0.0287 | 2020-03-27 |
| CVE-2020-1648 | 5.5 | 7.5 | 0.0128 | 2020-07-17 |
| CVE-2020-13582 | 5.5 | 7.5 | 0.0261 | 2021-01-26 |
| CVE-2022-20682 | 5.5 | 8.6 | 0.0129 | 2022-04-15 |
| CVE-2022-22231 | 5.5 | 7.5 | 0.0062 | 2022-10-18 |
| CVE-2022-39381 | 5.5 | 7.5 | 0.0065 | 2022-11-02 |
| CVE-2022-41957 | 5.5 | 7.5 | 0.0093 | 2022-11-28 |
| CVE-2024-23085 UPD | 5.5 | 7.5 | 0.0062 | 2024-04-08 |
| CVE-2026-24404 | 5.5 | 7.1 | 0.0040 | 2026-01-24 |
| CVE-2026-24409 | 5.5 | 7.1 | 0.0031 | 2026-01-24 |
| CVE-2026-24410 | 5.5 | 7.1 | 0.0031 | 2026-01-24 |
| CVE-2026-24411 | 5.5 | 7.1 | 0.0031 | 2026-01-24 |
| CVE-2022-22233 | 3.5 | 5.5 | 0.0017 | 2022-10-18 |
| CVE-2020-36646 | 3.5 | 3.5 | 0.0118 | 2023-01-07 |
| CVE-2024-23915 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-23916 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-31164 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-31165 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-31167 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-31175 | 3.5 | 5.3 | 0.0055 | 2024-09-18 |
| CVE-2024-31182 | 3.5 | 5.3 | 0.0044 | 2024-09-18 |
| CVE-2024-31185 | 3.5 | 5.3 | 0.0044 | 2024-09-18 |
| CVE-2024-31196 | 3.5 | 5.3 | 0.0042 | 2024-09-18 |
| CVE-2025-33192 | 3.5 | 5.7 | 0.0012 | 2025-11-25 |
| CVE-2026-21496 | 3.5 | 5.5 | 0.0015 | 2026-01-07 |