When an application dereferences a pointer that it considers valid but is NULL, it usually crashes or exits.
Several faults, including race situations and simple programming blunders, can cause NULL pointer to dereference concerns. In C/C++ languages, NULL pointer dereferences mistakes are widespread. A pointer is a data type in programming languages that refers to a memory location. The pointer is considered dereferenced once it has gotten the value of the location. When an application dereferences a pointer that should be a valid address but returns NULL, this is known as the NULL pointer dereference vulnerability.
This type of vulnerability could affect software written in C/C++, Assembly, or any other language that uses pointers.
The programmer assumes that the system has a property named "cmd" specified at all times. When an attacker takes control of the application's environment and removes "cmd," the software throws a NULL pointer exception when trying to invoke the trim() method.
In most cases, NULL pointer dereferences errors cause the application to crash, but in some cases, code execution is possible. This flaw can result in a denial of service attack against the entire system or be exploited to take complete control over it, depending on the application's privileges.
When the null is equivalent to the 0x0 memory address and the secret code has access, it can write or read memory, leading to the code execution.
Unless exception handling (on some systems) is available and implemented, NULL pointer differences usually result in the process of failing. Even when exception handling is utilized, returning software to a safe operation can be pretty challenging.
Before utilizing a value, check the function's return value outputs to ensure it isn't NULL.
Nearly all NULL pointer dereferences can be avoided if all pointers that could be updated are sanity-checked before usage.
Validate input to variables and data stores that may accept input from a third party.
Use automated static analysis techniques to look for this type of flaw. Several recent methods employ data flow analysis to reduce the number of false positives. ( This isn't a perfect solution because it's impossible to achieve 100% accuracy and coverage)